CVE-2020-7592

Name of the Vulnerable Software and Affected Versions SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants) (All versions) SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions) SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions) SIMATIC HMI KTP700F Mobile Arctic (All versions) SIMATIC HMI Mobile Panels 2nd Generation (All versions) SIMATIC WinCC Runtime Advanced (All versions)

Description A vulnerability has been identified that could allow an attacker to capture plain text communication between the configuration software and the device, potentially gaining access to sensitive information. This is due to unencrypted communication.

Recommendations For SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants), consider implementing encrypted communication protocols to protect data. For SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants), restrict access to the configuration software to minimize the risk of exploitation. For SIMATIC HMI Comfort Panels (incl. SIPLUS variants), ensure all communication is encrypted to prevent plain text capture. For SIMATIC HMI KTP700F Mobile Arctic, disable any features that rely on unencrypted communication until a secure method is implemented. For SIMATIC HMI Mobile Panels 2nd Generation, limit access to sensitive information by implementing secure authentication and authorization mechanisms. For SIMATIC WinCC Runtime Advanced, update the configuration software to use encrypted communication protocols.