CVE-2013-6920

Siemens Sinamics S/g Family Firmware < 4.6 - Authentication Bypass

Title source: rule

Description

Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23.

References (3)

[US Government Resource] http://ics-cert.us-cert.gov/advisories/ICSA-13-338-01

[Vendor Advisory] http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-742938.pdf

[Vendor Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-742938.pdf

Scores

EPSS 0.0116

EPSS Percentile 78.4%

Classification

CWE

CWE-287

Status draft

Affected Products (14)

siemens/sinamics_s\/g_family_firmware < 4.6

siemens/sinamics_g110

siemens/sinamics_g110d

siemens/sinamics_g120

siemens/sinamics_g120c

siemens/sinamics_g120d

siemens/sinamics_g120p

siemens/sinamics_g130

siemens/sinamics_g150

siemens/sinamics_g180

siemens/sinamics_s110

siemens/sinamics_s120

siemens/sinamics_s120cm

siemens/sinamics_s150

Timeline

Published Dec 07, 2013

Tracked Since Feb 18, 2026