Overview
- Description
- A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) (V20.8), SIMATIC S7-1500 Software Controller (V20.8). The web server of the affected products contains a vulnerability that could allow a remote attacker to trigger a denial-of-service condition by sending a specially crafted HTTP request.
- Source
- productcert@siemens.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:P
Weaknesses
- productcert@siemens.com
- CWE-248
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_et_200sp_open_controller:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A5B5313D-48E9-47F5-BF59-C71A255D9831"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_et_200sp_open_controller_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BB17DB68-B876-4238-961E-383E0CD24E66",
"versionEndIncluding": "20.8"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:simatic_s7-1500_software_controller:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "FE4D4D21-9868-4FA3-89A8-1EEC473383EF"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:simatic_s7-1500_software_controller_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2BDF4011-5D76-4A15-9E2F-01B38685CD7B",
"versionEndIncluding": "20.8"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]