PT-2020-14636 · Siemens · Sinumerik 840D Sl+3

Published 2020-09-09 · Updated 2020-12-14 · CVE-2020-15791

CVSS v3.1: 6.5 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions)
SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions)
SIMATIC WinAC RTX (F) 2010 (All versions)
SINUMERIK 840D sl (All versions)

Description

A security issue has been found in the authentication protocol used between a client and a Programmable Logic Controller (PLC) via port 102/tcp (ISO-TSAP). The protocol does not adequately protect the password being transmitted, which could allow an attacker who intercepts the network traffic to obtain valid PLC credentials.

Recommendations

For SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), consider restricting access to port 102/tcp (ISO-TSAP) to minimize the risk of exploitation.
For SIMATIC S7-400 CPU family (incl. SIPLUS variants), restrict access to the authentication protocol via port 102/tcp (ISO-TSAP) until a fix is available.
For SIMATIC WinAC RTX (F) 2010, avoid using the affected authentication protocol via port 102/tcp (ISO-TSAP) until the issue is resolved.
For SINUMERIK 840D sl, restrict access to the PLC credentials to prevent potential exploitation.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Insufficiently Protected Credentials

Related Identifiers

CVE-2020-15791

Affected Products

Simatic S7-300 Cpu
Simatic S7-400 Pn Cpu
Simatic Winac Rtx 2010
Sinumerik 840D Sl