CVE-2020-7592 — MEDIUM (6.5)

Vulnerability Description

A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI KTP700F Mobile Arctic (All versions), SIMATIC HMI Mobile Panels 2nd Generation (All versions), SIMATIC WinCC Runtime Advanced (All versions). Unencrypted communication between the configuration software and the respective device could allow an attacker to capture potential plain text communication and have access to sensitive information.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Siemens	Simatic Hmi Basic Panels 1St Generation	All versions
Siemens	Simatic Hmi Basic Panels 2Nd Generation	All versions
Siemens	Simatic Wincc Runtime Advanced	All versions
Siemens	Simatic Hmi Comfort Panels Firmware	All versions
Siemens	Simatic Hmi Comfort Panels	-
Siemens	Simatic Hmi Ktp700F Mobile Arctic Firmware	All versions
Siemens	Simatic Hmi Ktp700F Mobile Arctic	-
Siemens	Simatic Hmi Mobile Panels 2Nd Generation Firmware	All versions
Siemens	Simatic Hmi Mobile Panels 2Nd Generation	-

Related Weaknesses (CWE)

CWE-319

References

https://cert-portal.siemens.com/productcert/pdf/ssa-364335.pdfVendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-196-04Third Party AdvisoryUS Government Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-364335.pdfVendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-196-04Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2020-7592?

CVE-2020-7592 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions), S...

How severe is CVE-2020-7592?

CVE-2020-7592 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-7592?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simatic Hmi Basic Panels 1St Generation, Siemens Simatic Hmi Basic Panels 2Nd Generation, Siemens Simatic Wincc Runtime Advanced, Siemens Simatic Hmi Comfort Panels Firmware, Siemens Simatic Hmi Comfort Panels.