CVE-2020-15782

critical

Published 2021-05-28 · Modified 2026-06-02

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4 NEW

—

not yet in upstream

VIR risk

9.8

Description

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V21.9), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.5.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.9.2), SIMATIC S7-1500 Software Controller (All versions < V21.9), SIMATIC S7-PLCSIM Advanced (All versions < V4.0), SINAMICS PERFECT HARMONY GH180 Drives (Drives manufactured before 2021-08-13), SINUMERIK MC (All versions < V6.15), SINUMERIK ONE (All versions < V6.15). Affected devices are vulnerable to a memory protection bypass through a specific operation. A remote unauthenticated attacker with network access to port 102/tcp could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.

Predictions

Exploit likelihood

97%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Application impact

Vendor	Product	Versions	Fixed
siemens	cpu_1504d_tf	`-`
siemens	cpu_1507d_tf	`-`
siemens	cpu_1211c	`-`
siemens	cpu_1212c	`-`
siemens	cpu_1212fc	`-`
siemens	cpu_1214c	`-`
siemens	cpu_1214fc	`-`
siemens	cpu_1215c	`-`
siemens	cpu_1215fc	`-`
siemens	cpu_1217c	`-`
siemens	6es7510-1dj01-0ab0	`-`
siemens	6es7510-1sj01-0ab0	`-`
siemens	6es7511-1ak01-0ab0	`-`
siemens	6es7511-1ak02-0ab0	`-`
siemens	6es7511-1ck00-0ab0	`-`
siemens	6es7511-1ck01-0ab0	`-`
siemens	6es7511-1fk01-0ab0	`-`
siemens	6es7511-1fk02-0ab0	`-`
siemens	6es7511-1tk01-0ab0	`-`
siemens	6es7511-1uk01-0ab0	`-`
siemens	6es7512-1ck00-0ab0	`-`
siemens	6es7512-1ck01-0ab0	`-`
siemens	6es7512-1dk01-0ab0	`-`
siemens	6es7512-1sk01-0ab0	`-`
siemens	6es7513-1al01-0ab0	`-`
siemens	6es7513-1al02-0ab0	`-`
siemens	6es7513-1fl01-0ab0	`-`
siemens	6es7513-1fl02-0ab0	`-`
siemens	6es7513-1rl00-0ab0	`-`
siemens	6es7513-2gl00-0ab0	`-`
siemens	6es7513-2pl00-0ab0	`-`
siemens	6es7515-2am01-0ab0	`-`
siemens	6es7515-2am02-0ab0	`-`
siemens	6es7515-2fm01-0ab0	`-`
siemens	6es7515-2fm02-0ab0	`-`
siemens	6es7515-2rm00-0ab0	`-`
siemens	6es7515-2tm01-0ab0	`-`
siemens	6es7515-2um01-0ab0	`-`
siemens	6es7516-2gn00-0ab0	`-`
siemens	6es7516-2pn00-0ab0	`-`
siemens	6es7516-3an01-0ab0	`-`
siemens	6es7516-3an02-0ab0	`-`
siemens	6es7516-3fn01-0ab0	`-`
siemens	6es7516-3fn02-0ab0	`-`
siemens	6es7516-3tn00-0ab0	`-`
siemens	6es7516-3un00-0ab0	`-`
siemens	6es7517-3ap00-0ab0	`-`
siemens	6es7517-3fp00-0ab0	`-`
siemens	6es7517-3hp00-0ab0	`-`
siemens	6es7517-3tp00-0ab0	`-`
siemens	6es7517-3up00-0ab0	`-`
siemens	6es7518-4ap00-0ab0	`-`
siemens	6es7518-4ap00-3ab0	`-`
siemens	6es7518-4fp00-0ab0	`-`
siemens	6es7518-4fp00-3ab0	`-`
siemens	simatic_s7-1500__software_controller
siemens	simatic_s7-plcsim_advanced	`{"endExcluding":"4.0"}`	`4.0`
siemens	cpu_1515sp_pc	`-`
siemens	cpu_1515sp_pc2	`-`

References

CWEs

CWE-119

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.