
Siemens SIMATIC S7-1200 PLC Vulnerabilities

June 10, 2011

Siemens SIMATIC S7-1200 Programmable Logic Controller (PLC) is prone to a security-bypass vulnerability and a denial-of-service vulnerability.

Attackers can exploit the security-bypass issue to perform unauthorized actions in the affected controller system by sending arbitrary commands through replay attacks.

Attackers can exploit the denial-of-service issue to place the affected controller system in a stop/defect state.

ICS-CERT Advisories / Alerts

ICS-ALERT-11-161-01
ICSA-11-223-01A
ICSA-11-223-01

Vendor Website (includes Patches / Hotfixes)

Patch Download
Siemens Security Advisory SSA-625789
Potential Password Security Weakness in SIMATIC Controllers
Information regarding the Behaviour of SIMATIC S7-1200 in Industrial Networks
Siemens Industrial Security Homepage

Exploit Proof-of-Concept

No public exploit is currently available.

Common Vulnerabilities and Exposures (CVE) References

Not available at this time.

Additional Information

Disclosure: Dillon Beresford (NSS Labs) via ICS-CERT
Secunia Advisory #44961
Security Focus Vulnerability Info and Exploit Bugtraq ID 47993
Dillon Beresford comments on SCADAsec List
SCADA Vulnerabilities in Industrial Control Systems (NSS Labs)

Siemens PLC Analysis Report (ISSSource)
Siemens PLC Vulnerability Update (ISSSource)
More Possible Siemens Vulnerabilities (ISSSource)

Dillon Beresford - Exploiting Siemens SIMATIC S7 PLCs (Black Hat 2011)