1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: FESTO Didactic
- Equipment: CP, MPS 200, MPS 400
- Vulnerability: Improper Restriction of Operations within the Bounds of a Memory Buffer
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
FESTO Didactic reports that the following products are affected:
- FESTO Didactic Firmware Siemens Simatic S7-1500 / ET200SP (< V2.9.2) installed on FESTO Didactic CP including S7 PLC(All versions): All versions
- FESTO Didactic Firmware Siemens Simatic S7-1500 / ET200SP (< V2.9.2) installed on FESTO Didactic MPS 200 Systems(All versions): All versions
- FESTO Didactic Firmware Siemens Simatic S7-1500 / ET200SP (< V2.9.2) installed on FESTO Didactic MPS 400 Systems(All versions): All versions
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119
SIMATIC S7-1200 and S7-1500 CPU products contain a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks. Siemens has released updates for several affected products and strongly recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.
CVE-2020-15782 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (This article has been indexed from All CISA Advisories