### [CVE-2020-15791](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15791)
![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-300%20CPU%20family%20(incl.%20related%20ET200%20CPUs%20and%20SIPLUS%20variants)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-400%20CPU%20family%20(incl.%20SIPLUS%20variants)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20WinAC%20RTX%20(F)%202010&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SINUMERIK%20840D%20sl&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-522%3A%20Insufficiently%20Protected%20Credentials&color=brighgreen)

### Description

A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINUMERIK 840D sl (All versions). The authentication protocol between a client and a PLC via port 102/tcp (ISO-TSAP) insufficiently protects the transmitted password. This could allow an attacker that is able to intercept the network traffic to obtain valid PLC credentials.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/404notf0und/CVE-Flow
- https://github.com/ARPSyndicate/cvemon
- https://github.com/vishaalmehta1/AdeenAyub