CVE-2020-15783

7.5 HIGH

A vulnerability has been identified in SIMATIC S7-300 CPU family (incl

Published: 2020-11-12 · Last updated: 2026-06-02

Severity and scoring

CVSS: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400

Affected products

Vendor	Product
siemens	simatic_s7-300_cpu_312_firmware, simatic_s7-300_cpu_314_firmware, simatic_s7-300_cpu_315-2_dp_firmware

Description

A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2020-15783
[Vendor advisory]https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdf
[Vendor advisory]https://cert-portal.siemens.com/productcert/pdf/ssa-492828.pdf

Related CVEs

Same vendor

CVE-2026-46749 — A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6) (7.5 HIGH)
CVE-2026-46748 — A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6) (8.8 HIGH)
CVE-2026-46747 — A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6) (4.3 MEDIUM)
CVE-2026-46746 — A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6) (8.8 HIGH)
CVE-2026-0257 — Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker ... (9.1 CRITICAL)

Same CWE

CVE-2026-12325 — Denial-of-service in the Graphics: ImageLib component (6.5 MEDIUM)
CVE-2026-12319 — Denial-of-service in the Audio/Video: Playback component (6.5 MEDIUM)
CVE-2026-50889 — An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service (DoS) via sending ... (7.5 HIGH)
CVE-2026-50882 — An issue in the /api/v0/pastes endpoint of anna-is-cute paste v0.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted PO... (7.5 HIGH)
CVE-2026-50879 — An issue in the uploadPostHandler component of Andrei Marcu linx-server v2.3.8 allows attackers to cause a Denial of Service (DoS) via a ... (7.5 HIGH)