CVE-2020-15798

Name of the Vulnerable Software and Affected Versions SIMATIC HMI Comfort Panels (incl. SIPLUS variants) versions prior to V16 Update 3a SIMATIC HMI KTP Mobile Panels versions prior to V16 Update 3a SINAMICS GH150 (all versions) SINAMICS GL150 (with option X30) (all versions) SINAMICS GM150 (with option X30) (all versions) SINAMICS SH150 (all versions) SINAMICS SL150 (all versions) SINAMICS SM120 (all versions) SINAMICS SM150 (all versions) SINAMICS SM150i (all versions)

Description A vulnerability has been identified that could allow a remote attacker to gain full access to the device. The issue is related to the telnet service, which does not require authentication on affected devices. This allows unauthorized access, potentially leading to remote code execution.

Recommendations For SIMATIC HMI Comfort Panels (incl. SIPLUS variants) versions prior to V16 Update 3a, update to V16 Update 3a or later. For SIMATIC HMI KTP Mobile Panels versions prior to V16 Update 3a, update to V16 Update 3a or later. For SINAMICS GH150, SINAMICS GL150 (with option X30), SINAMICS GM150 (with option X30), SINAMICS SH150, SINAMICS SL150, SINAMICS SM120, SINAMICS SM150, and SINAMICS SM150i, disable the telnet service until a patch is available. As a temporary workaround, consider restricting access to the telnet service to minimize the risk of exploitation.