CVE-2020-15796

Name of the Vulnerable Software and Affected Versions SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) version V20.8 SIMATIC S7-1500 Software Controller version V20.8

Description A vulnerability has been identified in the web server of the affected products, which could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request.

Recommendations For SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) version V20.8, consider disabling the web server functionality until a patch is available. For SIMATIC S7-1500 Software Controller version V20.8, restrict access to the web server to minimize the risk of exploitation. As a temporary workaround, avoid using the affected web server functionality until the issue is resolved.