HIGH · 10.0

CVE-2013-6920

Vulnerability Description

Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23.

CVSS Score

Base score: 10.0 (HIGH)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Siemens | Sinamics S/G Family Firmware | <= 4.6 |
| Siemens | Sinamics G110 | - |
| Siemens | Sinamics G110D | - |
| Siemens | Sinamics G120 | - |
| Siemens | Sinamics G120C | - |
| Siemens | Sinamics G120D | - |
| Siemens | Sinamics G120P | - |
| Siemens | Sinamics G130 | - |
| Siemens | Sinamics G150 | - |
| Siemens | Sinamics G180 | - |
| Siemens | Sinamics S110 | - |
| Siemens | Sinamics S120 | - |
| Siemens | Sinamics S120Cm | - |
| Siemens | Sinamics S150 | - |

References

FAQ

What is CVE-2013-6920?

CVE-2013-6920 is a vulnerability with a CVSS score of 10.0 (HIGH). Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP tra...

How severe is CVE-2013-6920?

CVE-2013-6920 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2013-6920?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Sinamics S/G Family Firmware, Siemens Sinamics G110, Siemens Sinamics G110D, Siemens Sinamics G120, Siemens Sinamics G120C.