
Technical Report: Gone in 20 Seconds – Overview of a Password Vulnerability in Siemens HMIs

by   Joseph Gardiner, et al.

Siemens produce a range of industrial human machine interface (HMI) screens which allow operators to both view information about and control physical processes. For scenarios where an operator cannot physically access the screen, Siemens provide the Sm@rtServer feature on HMIs, which, when activated, provides remote access either through their own Sm@rtClient application or through third-party VNC client software. Through analysing this server, we discovered a lack of protection against brute-force password attacks on basic devices. On advanced devices, which include a brute-force protection mechanism, we discovered an attacker strategy that is able to evade the mechanism, allowing for unlimited password guess attempts with minimal effect on the guess rate. This vulnerability has been assigned two CVEs: CVE-2020-15786 and CVE-2020-157867. In this report, we provide an overview of this vulnerability, discuss the impact of a successful exploitation and propose mitigations to provide protection against this vulnerability. This report accompanies a demo presented at CPSIoTSec 2020.



