CVE-2011-20002

216.73.217.22

· Published 14/10/2025 10:15 · Modified 14/10/2025 19:36

Labels: CVE-2011-20002 2025-10-14 CVE-2011-20002 CWE-294 [email protected]

Essential information

Published: 14/10/2025 10:15
Modified: 14/10/2025 19:36
Author: —
Creator: —
CVSS: 8.3 HIGH (v3) 8.3 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) (All versions < V2.0.2), SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants) (All versions < V2.0.2). Affected controllers are vulnerable to capture-replay in the communication with the engineering software. This could allow an on-path attacker between the engineering software and the controller to execute any previously recorded commands at a later time (e.g. set the controller to STOP), regardless whether or not the controller had a password configured.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
siemens / simatic s7-1200 cpu v1	`cpe:2.3:a:siemens:simatic_s7-1200_cpu_v1::v2.0.2::::::*`
siemens / simatic s7-1200 cpu v2	`cpe:2.3:a:siemens:simatic_s7-1200_cpu_v2::v2.0.2::::::*`