Brute Force Tool Targets Siemens S7

Thursday, January 17, 2013 @ 04:01 PM gHale

There is an offline brute-force password tool with proof-of-concept (PoC) exploit code targeting Siemens S7 programmable logic controllers, according to a report on ICS-CERT.

It is possible to obtain a password by offline brute forcing of the challenge-response data extracted from a TCP/IP traffic file. This report was released without coordination with either the vendor or ICS-CERT.

ICS-CERT notified Siemens of the report and asked the vendor to confirm the attack vector and identify mitigations. ICS-CERT is issuing this alert to provide early notice of the report and to identify baseline mitigations for reducing the risk from these and other cyber security attacks.

Once the attacker is able to get into the system, it is possible to capture the current credentials for the device.

ICS-CERT is currently coordinating with the vendor to identify mitigations.
