SSA-625789 (Last Update: 2020-02-10): Security Vulnerabilities in Siemens SIMATIC S7-1200 CPU

Published

2020-02-10 00:00:00 UTC

Summary

Security experts have examined the SIMATIC S7-1200 Programmable Logic Controller (PLC). This research has revealed some weaknesses in the SIMATIC S7-1200 CPU communication and authentication functions. Once the automation network is compromised, it is possible to demonstrate the following weaknesses using a remote exploit:

- Trigger CPU functions by record and playback of legitimate network communication
- Place CPU in stop/defect state by causing a communications error

A remote exploit is a type of attack that can be launched from one computer against another computer across a network. For example, a PC with access to the automation network could be used to launch a remote exploit against a PLC.

The weaknesses are closed with firmware update V 2.0.3. For the second weakness (communications error), a temporary workaround is also available: if the Web server on the S7-1200 is disabled, the weakness cannot be exploited.