Vulnerabilities > CVE-2020-15787 - Authentication Bypass by Primary Weakness vulnerability in Siemens Simatic HMI United Comfort Panels Firmware

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

siemens

CWE-305

critical

NVD

Published: 2020-09-09

Updated: 2021-06-08

Summary

A vulnerability has been identified in SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently validate authentication attempts as the information given can be truncated to match only a set number of characters versus the whole provided string. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.

Vulnerable Configurations

Part	Description	Count
OS	Siemens Siemens Simatic HMI United Comfort Panels Firmware *	1
Hardware	Siemens Siemens Simatic HMI United Comfort Panels -	1

Common Weakness Enumeration (CWE)

CWE-305 - Authentication Bypass by Primary Weakness

References

https://cert-portal.siemens.com/productcert/pdf/ssa-542525.pdf