^{CVE-2020-15798:}Telnet Service Authentication Bypass in Siemens SIMATIC HMI and SINAMICS Products

Overview

The vulnerability (ZDI-CAN-12046) exists in the telnet service implementation of affected Siemens industrial devices. When the telnet service is enabled on these devices, they fail to enforce proper authentication mechanisms, allowing unauthorized remote users to connect to the service. An attacker who exploits this vulnerability could gain complete access to the affected device, potentially allowing them to view sensitive information, modify configurations, or disrupt industrial operations. This poses a significant risk to industrial environments where these devices are deployed, as unauthorized access could lead to production disruptions or safety incidents.

Remediation

To address this vulnerability, Siemens recommends the following mitigations:

1. Update affected SIMATIC HMI Comfort Panels and KTP Mobile Panels to version V16 Update 3a or later.
2. For SINAMICS products where updates may not be available, consider the following measures:
   • Disable the telnet service if not required
   • Use network segmentation to restrict access to affected devices
   • Implement firewall rules to block unauthorized access to the telnet port
   • Apply defense-in-depth security strategies to protect industrial networks
3. Follow the specific guidance provided in the Siemens Security Advisories (SSA-520004 and SSA-752103)
4. Review and implement recommendations from the CISA ICS Advisory (ICSA-21-033-02)

References

1. Siemens Security Advisory SSA-520004: https://cert-portal.siemens.com/productcert/pdf/ssa-520004.pdf
2. Siemens Security Advisory SSA-752103: https://cert-portal.siemens.com/productcert/pdf/ssa-752103.pdf
3. CISA ICS Advisory ICSA-21-033-02: https://us-cert.cisa.gov/ics/advisories/icsa-21-033-02
4. CVE-2020-15798: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15798
5. Zero Day Initiative Canonical ID: ZDI-CAN-12046