HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2013-6920

CVSS 10.0v2.0pub. 2013-12-07upd. 2026-04-29

Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23.

CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Siemens Sinamics G110

    HW
    Siemens
    wszystkie wersje
  • Siemens Sinamics G110d

    HW
    Siemens
    wszystkie wersje
  • Siemens Sinamics G120

    HW
    Siemens
    wszystkie wersje
  • Siemens Sinamics G120c

    HW
    Siemens
    wszystkie wersje
  • Siemens Sinamics G120d

    HW
    Siemens
    wszystkie wersje
  • Siemens Sinamics G120p

    HW
    Siemens
    wszystkie wersje
  • Siemens Sinamics G130

    HW
    Siemens
    wszystkie wersje
  • Siemens Sinamics G150

    HW
    Siemens
    wszystkie wersje
  • Siemens Sinamics G180

    HW
    Siemens
    wszystkie wersje
  • Siemens Sinamics S110

    HW
    Siemens
    wszystkie wersje
  • Siemens Sinamics S120

    HW
    Siemens
    wszystkie wersje
  • Siemens Sinamics S120cm

    HW
    Siemens
    wszystkie wersje
  • Siemens Sinamics S150

    HW
    Siemens
    wszystkie wersje
  • Siemens Sinamics S\/g Family Firmware

    OS
    Siemens
    ≤ 4.6
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2022-47374HIGH7.5ten sam produkt

A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 ...

CVE-2022-47375HIGH7.5ten sam produkt

A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 ...

CVE-2019-10923HIGH7.5ten sam produkt

An attacker with network access to an affected product may cause a denial of service condition by breaking the...

CVE-2019-6568HIGH7.5ten sam produkt

The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition...

CVE-2017-12741HIGH8.7ten sam produkt

Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices...