PT-2020-14631 · Siemens · Sm@rt Server +4
Published: 2020-09-09 · Updated: 2021-06-08
CVE-2020-15786
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) versions prior to V16
SIMATIC HMI Comfort Panels (incl. SIPLUS variants) versions prior to V16
SIMATIC HMI Mobile Panels versions prior to V16
SIMATIC HMI Unified Comfort Panels versions prior to V16
Description
A security issue has been identified where affected devices do not properly block excessive authentication attempts, allowing a remote attacker to potentially discover user passwords through a brute-force attack and gain access to the Sm@rt Server.
Recommendations
For SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) versions prior to V16, update to version V16 or later.
For SIMATIC HMI Comfort Panels (incl. SIPLUS variants) versions prior to V16, update to version V16 or later.
For SIMATIC HMI Mobile Panels versions prior to V16, update to version V16 or later.
For SIMATIC HMI Unified Comfort Panels versions prior to V16, update to version V16 or later.
Fix
Weakness Enumeration
Improper Restriction of Excessive Authentication Attempts
Related Identifiers
Affected Products
SIMATIC HMI Basic Panels 2nd Generation
SIMATIC HMI Comfort Panels
SIMATIC HMI KTP Mobile Panels
SIMATIC HMI Unified Comfort Panels
Sm@rt Server