Siemens SIMATIC S7-300 Hardcoded Credentials

July 23, 2011

Siemens SIMATIC S7-300 is prone to a security-bypass vulnerability caused by hard-coded credentials.

Successful attacks can allow a remote attacker to gain access to the vulnerable device.

ICS-CERT Advisories / Alerts

ICS-ALERT-11-204-01B
ICS-ALERT-11-204-01A
ICS-ALERT-11-204-01

Vendor Website (includes Patches / Hotfixes)

Security information about internal diagnostic functions in S7-300 PLCs
Siemens Industrial Security Homepage

Exploit Proof-of-Concept

An attacker can carry out this attack with readily available network utilities and a moderate skill level.

Common Vulnerability & Exposure (CVE) References

Not available at this time.

Additional Information

Disclosure: Dillon Beresford (NSS Labs) via ICS-CERT
Security Focus Vulnerability Info and Exploit Bugtraq ID 48984
Dillon Beresford comments on SCADAsec List
SCADA Vulnerabilities in Industrial Control Systems (NSS Labs)

Siemens PLC Analysis Report (ISSSource)
Siemens PLC Vulnerability Update (ISSSource)
More Possible Siemens Vulnerabilities (ISSSource)

Dillon Beresford - Exploiting Siemens SIMATIC S7 PLCs (Black Hat 2011)