PT-2021-7438 · Siemens · SIMATIC S7-1200 CPU +9
Published: 2021-05-28 · Updated: 2025-07-01
CVE-2020-15782
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
SIMATIC Drive Controller family versions prior to V2.9.2
SIMATIC ET 200SP Open Controller CPU 1515SP PC versions prior to V21.9
SIMATIC ET 200SP Open Controller CPU 1515SP PC2 versions prior to V21.9
SIMATIC S7-1200 CPU family versions prior to V4.5.0
SIMATIC S7-1500 CPU family versions prior to V2.9.2
SIMATIC S7-1500 Software Controller versions prior to V21.9
SIMATIC S7-PLCSIM Advanced versions prior to V4.0
SINAMICS PERFECT HARMONY GH180 Drives manufactured before 2021-08-13
SINUMERIK MC versions prior to V6.15
SINUMERIK ONE versions prior to V6.15
Description
A memory protection bypass vulnerability has been identified, allowing a remote unauthenticated attacker with network access to port 102/tcp to potentially write arbitrary data and code to protected memory areas or read sensitive data. The issue is related to a buffer copy operation without input size validation, which could enable an attacker to execute arbitrary code.
Recommendations
For SIMATIC Drive Controller family versions prior to V2.9.2, update to version V2.9.2 or later.
For SIMATIC ET 200SP Open Controller CPU 1515SP PC versions prior to V21.9, update to version V21.9 or later.
For SIMATIC ET 200SP Open Controller CPU 1515SP PC2 versions prior to V21.9, update to version V21.9 or later.
For SIMATIC S7-1200 CPU family versions prior to V4.5.0, update to version V4.5.0 or later.
For SIMATIC S7-1500 CPU family versions prior to V2.9.2, update to version V2.9.2 or later.
For SIMATIC S7-1500 Software Controller versions prior to V21.9, update to version V21.9 or later.
For SIMATIC S7-PLCSIM Advanced versions prior to V4.0, update to version V4.0 or later.
For SINAMICS PERFECT HARMONY GH180 Drives manufactured before 2021-08-13, contact the manufacturer for guidance on mitigation or replacement.
For SINUMERIK MC versions prior to V6.15, update to version V6.15 or later.
For SINUMERIK ONE versions prior to V6.15, update to version V6.15 or later.
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
SIMATIC Drive Controller
SIMATIC ET 200SP Open Controller CPU 1515SP PC
SIMATIC ET 200SP Open Controller CPU 1515SP PC2
SIMATIC S7-1200 CPU
SIMATIC S7-1500 CPU
SIMATIC S7-1500 Software Controller
SIMATIC S7-PLCSIM Advanced
SINAMICS PERFECT HARMONY GH180 Drives
SINUMERIK MC
SINUMERIK ONE