{"containers": {"cna": {"affected": [{"product": "SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants)", "vendor": "Siemens AG", "versions": [{"status": "affected", "version": "All versions"}]}, {"product": "SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants)", "vendor": "Siemens AG", "versions": [{"status": "affected", "version": "All versions"}]}, {"product": "SIMATIC HMI Comfort Panels (incl. SIPLUS variants)", "vendor": "Siemens AG", "versions": [{"status": "affected", "version": "All versions"}]}, {"product": "SIMATIC HMI KTP700F Mobile Arctic", "vendor": "Siemens AG", "versions": [{"status": "affected", "version": "All versions"}]}, {"product": "SIMATIC HMI Mobile Panels 2nd Generation", "vendor": "Siemens AG", "versions": [{"status": "affected", "version": "All versions"}]}, {"product": "SIMATIC WinCC Runtime Advanced", "vendor": "Siemens AG", "versions": [{"status": "affected", "version": "All versions"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI KTP700F Mobile Arctic (All versions), SIMATIC HMI Mobile Panels 2nd Generation (All versions), SIMATIC WinCC Runtime Advanced (All versions). Unencrypted communication between the configuration software and the respective device could allow an attacker to capture potential plain text communication and have access to sensitive information."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319: Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-07-16T13:40:34", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-364335.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-04"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "productcert@siemens.com", "ID": "CVE-2020-7592", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants)", "version": {"version_data": [{"version_value": "All versions"}]}}, {"product_name": "SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants)", "version": {"version_data": [{"version_value": "All versions"}]}}, {"product_name": "SIMATIC HMI Comfort Panels (incl. SIPLUS variants)", "version": {"version_data": [{"version_value": "All versions"}]}}, {"product_name": "SIMATIC HMI KTP700F Mobile Arctic", "version": {"version_data": [{"version_value": "All versions"}]}}, {"product_name": "SIMATIC HMI Mobile Panels 2nd Generation", "version": {"version_data": [{"version_value": "All versions"}]}}, {"product_name": "SIMATIC WinCC Runtime Advanced", "version": {"version_data": [{"version_value": "All versions"}]}}]}, "vendor_name": "Siemens AG"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI KTP700F Mobile Arctic (All versions), SIMATIC HMI Mobile Panels 2nd Generation (All versions), SIMATIC WinCC Runtime Advanced (All versions). Unencrypted communication between the configuration software and the respective device could allow an attacker to capture potential plain text communication and have access to sensitive information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-319: Cleartext Transmission of Sensitive Information"}]}]}, "references": {"reference_data": [{"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-364335.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-364335.pdf"}, {"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-04", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-04"}]}}}}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-7592", "datePublished": "2020-07-14T13:18:05", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2020-07-16T13:40:34", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:simatic_hmi_basic_panels_1st_generation:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF9AA1D8-BDF6-40EC-8D04-49C5EAB39431", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_hmi_basic_panels_2nd_generation:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E561873-49B4-4D85-8D40-9D33CEE7E7CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:*:*:*:*:*:*:*:*", "matchCriteriaId": "79EE15DC-74D3-4551-AAD0-EA0CB600DA76", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C98A381-02D5-460E-8849-63F4576BC52C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_hmi_comfort_panels:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BCFE761-35C9-43EF-85BC-E8083B9F75CB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_hmi_ktp700f_mobile_arctic_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BAC6E895-5577-4047-B7CC-95398563984D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_hmi_ktp700f_mobile_arctic:-:*:*:*:*:*:*:*", "matchCriteriaId": "4631C615-B2A4-40C3-9D1A-A1AD3C64EC51", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:siemens:simatic_hmi_mobile_panels_2nd_generation_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "08693615-7A47-4062-A73D-7CDE359826F5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:siemens:simatic_hmi_mobile_panels_2nd_generation:-:*:*:*:*:*:*:*", "matchCriteriaId": "59D5490F-EACA-467F-89ED-988A45393EAC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions), SIMATIC HMI KTP700F Mobile Arctic (All versions), SIMATIC HMI Mobile Panels 2nd Generation (All versions), SIMATIC WinCC Runtime Advanced (All versions). Unencrypted communication between the configuration software and the respective device could allow an attacker to capture potential plain text communication and have access to sensitive information."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SIMATIC HMI Basic Panels 1st Generation (incluyendo las variantes SIPLUS) (Todas las versiones), SIMATIC HMI Basic Panels 2nd Generation (incluyendo las variantes SIPLUS) (Todas las versiones), SIMATIC HMI Comfort Panels (incluyendo las variantes SIPLUS) (Todas las versiones), SIMATIC HMI KTP700F Mobile Arctic (Todas las versiones), SIMATIC HMI Mobile Panels 2nd Generation (Todas las versiones), SIMATIC WinCC Runtime Advanced (Todas las versiones). Una comunicaci\u00f3n no cifrada entre el software de configuraci\u00f3n y el dispositivo respectivo podr\u00eda permitir a un atacante capturar la comunicaci\u00f3n potencial de texto plano y tener acceso a informaci\u00f3n confidencial"}], "id": "CVE-2020-7592", "lastModified": "2020-07-22T13:56:04.357", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-14T14:15:19.073", "references": [{"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-364335.pdf"}, {"source": "productcert@siemens.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-196-04"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-319"}], "source": "productcert@siemens.com", "type": "Secondary"}]}

{}