CVE-2020-7592 : A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (

A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI KTP700F Mobile Arctic (All versions), SIMATIC HMI Mobile Panels 2nd Generation (All versions), SIMATIC WinCC Runtime Advanced (All versions). Unencrypted communication between the configuration software and the respective device could allow an attacker to capture potential plain text communication and have access to sensitive information.

Published 2020-07-14 14:15:19

Updated 2020-07-22 13:56:04

Source Siemens AG

View at NVD, CVE.org

Products affected by CVE-2020-7592

Siemens » Simatic Wincc Runtime Advanced
cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:*:*:*:*:*:*:*:*
Matching versions
Siemens » Simatic Hmi Comfort Panels Firmware
cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic Hmi Comfort Panels » Version: N/A
Siemens » Simatic Hmi Ktp700f Mobile Arctic Firmware
cpe:2.3:o:siemens:simatic_hmi_ktp700f_mobile_arctic_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic Hmi Ktp700f Mobile Arctic » Version: N/A
Siemens » Simatic Hmi Mobile Panels 2nd Generation Firmware
cpe:2.3:o:siemens:simatic_hmi_mobile_panels_2nd_generation_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic Hmi Mobile Panels 2nd Generation » Version: N/A
Siemens » Simatic Hmi Basic Panels 1st Generation
cpe:2.3:a:siemens:simatic_hmi_basic_panels_1st_generation:*:*:*:*:*:*:*:*
Matching versions
Siemens » Simatic Hmi Basic Panels 2nd Generation
cpe:2.3:a:siemens:simatic_hmi_basic_panels_2nd_generation:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-7592

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 6 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-7592

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.3	LOW	AV:A/AC:L/Au:N/C:P/I:N/A:N	6.5	2.9	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
6.5	MEDIUM	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	2.8	3.6	NIST
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2020-7592

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Assigned by:
- nvd@nist.gov (Primary)
- productcert@siemens.com (Secondary)

References for CVE-2020-7592

https://cert-portal.siemens.com/productcert/pdf/ssa-364335.pdf

Vendor Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-196-04

Siemens SIMATIC HMI Panels | CISA
Third Party Advisory;US Government Resource

Jump to

Vulnerability Details : CVE-2020-7592

Products affected by CVE-2020-7592

Exploit prediction scoring system (EPSS) score for CVE-2020-7592

CVSS scores for CVE-2020-7592

CWE ids for CVE-2020-7592

References for CVE-2020-7592