CVE-2013-6920
Summary
| CVE | CVE-2013-6920 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-12-07 00:55:00 UTC |
| Updated | 2020-02-10 15:15:00 UTC |
| Description | Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23. |
Risk And Classification
Problem Types: CWE-287
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Siemens | Sinamics G110 | - | All | All | All |
| Hardware | Siemens | Sinamics G110 | - | All | All | All |
| Hardware | Siemens | Sinamics G110d | - | All | All | All |
| Hardware | Siemens | Sinamics G110d | - | All | All | All |
| Hardware | Siemens | Sinamics G120 | - | All | All | All |
| Hardware | Siemens | Sinamics G120 | - | All | All | All |
| Hardware | Siemens | Sinamics G120c | - | All | All | All |
| Hardware | Siemens | Sinamics G120c | - | All | All | All |
| Hardware | Siemens | Sinamics G120d | - | All | All | All |
| Hardware | Siemens | Sinamics G120d | - | All | All | All |
| Hardware | Siemens | Sinamics G120p | - | All | All | All |
| Hardware | Siemens | Sinamics G120p | - | All | All | All |
| Hardware | Siemens | Sinamics G130 | - | All | All | All |
| Hardware | Siemens | Sinamics G130 | - | All | All | All |
| Hardware | Siemens | Sinamics G150 | - | All | All | All |
| Hardware | Siemens | Sinamics G150 | - | All | All | All |
| Hardware | Siemens | Sinamics G180 | - | All | All | All |
| Hardware | Siemens | Sinamics G180 | - | All | All | All |
| Operating System | Siemens | Sinamics S/g Family Firmware | All | All | All | All |
| Hardware | Siemens | Sinamics S110 | - | All | All | All |
| Hardware | Siemens | Sinamics S110 | - | All | All | All |
| Hardware | Siemens | Sinamics S120 | - | All | All | All |
| Hardware | Siemens | Sinamics S120 | - | All | All | All |
| Hardware | Siemens | Sinamics S120cm | - | All | All | All |
| Hardware | Siemens | Sinamics S120cm | - | All | All | All |
| Hardware | Siemens | Sinamics S150 | - | All | All | All |
| Hardware | Siemens | Sinamics S150 | - | All | All | All |
| Operating System | Siemens | Sinamics S/g Family Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| cert-portal.siemens.com/productcert/pdf/ssa-742938.pdf | CONFIRM | cert-portal.siemens.com | |
| Siemens SINAMICS S/G Authentication Bypass Vulnerability | ICS-CERT | MISC | ics-cert.us-cert.gov | US Government Resource |
| Siemens | CONFIRM | www.siemens.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.