What is GHSA-8qxp-fp5j-5wxj?

GHSA-8qxp-fp5j-5wxj is a security advisory published by GitHub Security Advisories with Low severity. A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and...

Which CVE IDs does GHSA-8qxp-fp5j-5wxj cover?

GHSA-8qxp-fp5j-5wxj covers the following CVE IDs: CVE-2020-15791. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-8qxp-fp5j-5wxj?

GHSA-8qxp-fp5j-5wxj has a CVSS v3 base score of 6.5, published by GitHub Security Advisories.

GHSA-8qxp-fp5j-5wxjLowCVSS 6.5

A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and...

Vendor

GitHub Security Advisories

Published

May 24, 2022

Last Modified

June 2, 2026

🔗 CVE IDs covered (1)

CVE-2020-15791 →

📋 Description

A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions). The authentication protocol between a client and a PLC via port 102/tcp (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials.

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2020-15791
https://cert-portal.siemens.com/productcert/pdf/ssa-381684.pdf
https://github.com/advisories/GHSA-8qxp-fp5j-5wxj