Vulnerability CVE-2013-6920


Published: 2013-12-06   Modified: 2013-12-07

Description:
Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23.

Type:

CWE-287

(Improper Authentication)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Siemens -> Sinamics g110 
Siemens -> Sinamics g110d 
Siemens -> Sinamics g120 
Siemens -> Sinamics g120c 
Siemens -> Sinamics g120d 
Siemens -> Sinamics g120p 
Siemens -> Sinamics g130 
Siemens -> Sinamics g150 
Siemens -> Sinamics g180 
Siemens -> Sinamics s110 
Siemens -> Sinamics s120 
Siemens -> Sinamics s120cm 
Siemens -> Sinamics s150 
Siemens -> Sinamics s/g family firmware 

 References:
http://ics-cert.us-cert.gov/advisories/ICSA-13-338-01
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-742938.pdf

Copyright 2020, cxsecurity.com

 

Back to Top