Rewterz

Rewterz Threat Advisory – CVE-2020-0664 – Active Directory Information Disclosure Vulnerability

September 9, 2020
Rewterz

Rewterz Threat Advisory – Siemens SIMATIC RTLS Locating Manager

September 9, 2020

Rewterz Threat Advisory – CVE-2020-15791 – Siemens SIMATIC S7-300 and S7-400 CPUs

Severity

Medium

Analysis Summary

The authentication protocol between a client and a PLC via Port 102/TCP (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials.

Impact

Credential disclosure

Affected Vendors

Siemens

Affected Products

  • SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) All versions
  • SIMATIC S7-400 CPU family (incl. SIPLUS variants) All versions

Remediation

Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:

  • Apply defense-in-depth concepts.
  • Apply cell protection concepts.
  • For SIMATIC S7-CPU 410 CPUs: Activate field interface security in PCS 7 v9.0, and use a CP443-1 Adv. to communicate with ES/OS.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.