Siemens PLCs Memory Protection Bypass Vulnerability

Issued: Sunday, 30 May, 2021
Last Revision: Sunday, 30 May, 2021
Vendor: 
Severity Level: 
Summary: 

A new memory protection bypass vulnerability, tracked as CVE-2020-15782, has been discovered in Siemens SIMATIC S7-1200 and S7-1500 CPU products. If exploited successfully, this vulnerability could allow attackers to write arbitrary data to protected memory areas or read sensitive data from the device's memory, which could lead to a complete takeover of the affected device. To exploit the vulnerability, the attacker must have network access to port 102/tcp.
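
Because exploitation requires network access to port 102/tcp, it helps to review which hosts actually reach that port on the PLCs. The following is an added example, not part of the original advisory or of Siemens guidance; the CSV flow-log format, the addresses, the PLC subnet and the allowlist of engineering stations are all constructed assumptions.

```python
import csv
import io
import ipaddress

ADVISORY_PORT = 102  # TCP port named in the advisory

# Constructed sample data: flow records in a hypothetical CSV export format.
SAMPLE_FLOWS = """\
timestamp,src_ip,dst_ip,dst_port,proto,action
2021-05-30T08:01:12Z,10.20.0.15,10.20.1.10,102,tcp,allow
2021-05-30T08:03:40Z,10.50.7.23,10.20.1.10,102,tcp,allow
2021-05-30T08:04:02Z,10.50.7.23,10.20.1.11,443,tcp,allow
2021-05-30T08:09:55Z,192.0.2.44,10.20.1.11,102,tcp,deny
2021-05-30T08:10:31Z,10.20.0.16,10.20.1.11,102,udp,allow
"""

# Assumptions: the PLC subnet and the hosts that are expected to reach it.
PLC_NETWORKS = [ipaddress.ip_network("10.20.1.0/24")]
ALLOWED_SOURCES = {ipaddress.ip_address("10.20.0.15")}


def unexpected_port102_access(flow_csv, plc_networks, allowed_sources):
    """Return flows to 102/tcp on a PLC from a source not on the allowlist."""
    findings = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"].lower() != "tcp" or int(row["dst_port"]) != ADVISORY_PORT:
            continue
        dst = ipaddress.ip_address(row["dst_ip"])
        src = ipaddress.ip_address(row["src_ip"])
        if not any(dst in net for net in plc_networks):
            continue
        if src in allowed_sources:
            continue
        # A permitted flow means the port is reachable from that source;
        # a denied one shows an attempt that the filter stopped.
        status = "reachable" if row["action"] == "allow" else "blocked-attempt"
        findings.append((row["timestamp"], str(src), str(dst), status))
    return findings


if __name__ == "__main__":
    for finding in unexpected_port102_access(SAMPLE_FLOWS, PLC_NETWORKS, ALLOWED_SOURCES):
        print(*finding, sep="  ")
```

Entries marked "reachable" are the ones to close first, since they show 102/tcp on a PLC open to a host that is not on the expected list.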

 

According to the researchers who originally found the vulnerability, no public exploitation of this vulnerability has been observed at the time of this writing. It is important to review the recommendations section and apply the necessary measures to prevent exploitation of this vulnerability, as it could allow for complete takeover of affected devices.

Recommendation: 

Siemens has released updates for products affected by this vulnerability, along with workarounds and mitigations for products with no available updates. Please refer to the original vendor advisory (SSA-434534) for detailed information: