CVE-2013-6920
Siemens SINAMICS S/G Family Firmware < 4.6 - Unauthenticated FTP and TELNET Access
Title source: llmDescription
Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23.
References (3)
Core 3
Core References
US Government Resource x_refsource_misc
http://ics-cert.us-cert.gov/advisories/ICSA-13-338-01
Vendor Advisory x_refsource_confirm
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-742938.pdf
Vendor Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-742938.pdf
Scores
EPSS
0.0116
EPSS Percentile
78.9%
Details
CWE
CWE-287
Status
published
Products (14)
siemens/sinamics_g110
siemens/sinamics_g110d
siemens/sinamics_g120
siemens/sinamics_g120c
siemens/sinamics_g120d
siemens/sinamics_g120p
siemens/sinamics_g130
siemens/sinamics_g150
siemens/sinamics_g180
siemens/sinamics_s110
... and 4 more
Published
Dec 07, 2013
Tracked Since
Feb 18, 2026