SB2020081258 - Information disclosure in Siemens SIMATIC and SIMOTICS
Published: August 12, 2020
Security Bulletin ID
SB2020081258
Severity
Low
Patch available
NO
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Inadequate Encryption Strength (CVE-ID: CVE-2019-15126)
The vulnerability allows a remote attacker to decrypt Wi-Fi frames.
The vulnerability exists because after an affected device handles a disassociation event it can send a limited number of Wi-Fi frames encrypted with a static, weak Pairwise Temporal Key (PTK). A remote attacker on the local network can acquire these frames and decrypt them with the static PTK without the knowledge of the security session establishment used to secure the Wi-Fi network.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.