Siemens Fixes SIMATIC S7-1200 Hole

Tuesday, March 15, 2016 @ 03:03 PM gHale

Release V4.0 or newer of the Siemens SIMATIC S7-1200 CPU firmware fixes a protection mechanism failure vulnerability in older firmware versions of the product, according to a report on ICS-CERT.

Maik Brüggemann and Ralf Spenneberg from Open Source Training reported this remotely exploitable issue directly to Siemens.

All versions of the SIMATIC S7-1200 CPU family prior to V4.0 suffer from the issue. An attacker who exploits this vulnerability could circumvent user program block protection.

Siemens is a multinational company headquartered in Munich, Germany.

The affected products, the Siemens SIMATIC S7-1200 CPU family, see use in discrete and continuous control in industrial environments. The Siemens SIMATIC S7-1200 CPU family sees action across several sectors including chemical, critical manufacturing, and food and agriculture. Siemens estimates these products see use on a global basis.

SIMATIC S7-1200 CPU firmware prior to Version 4.0 could possibly allow an attacker to circumvent user program block protection under certain circumstances.

CVE-2016-2846 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 6.5.

No known public exploits specifically target this vulnerability. However, an attacker with low skill would be able to exploit this vulnerability.

Siemens recommends firmware release Version 4.0 or later for SIMATIC S7-1200 CPUs. Siemens also recommends keeping firmware up to date and setting the PLC functionality “Access protection” to read/write protection. The latest firmware release is available from Siemens.

For more information on this vulnerability and detailed instructions, see Siemens Security Advisory SSA-833048.

As a general security measure, Siemens recommends protecting network access to the web interface of S7-1200 CPUs with appropriate mechanisms. Siemens advises configuring the environment according to Siemens operational guidelines in order to run the devices in a protected IT environment.
