Siemens Security Advisory (SSA-625789)

The Siemens CERT has posted a formal response to two CVSS level 7 vulnerabilities found in the SIMATIC S7-1200 CPU

  1. Replay attack. An attacker can sniff the traffic and then send it again to issue a command to the same controller.
  2. Denial of service for Firmware Version 02.00.02. Scanning the communication interface causes it to stop.

S7-1200

Workarounds, until the firmware is updated, are to disable unnecessary services and segment the network.

As a temporary measure, it is recommended to disable the web server. The ability to disable the web server is available in TIA Portal Version 11. In addition, it is important to ensure your automation network is protected from unauthorized access using the strategies suggested in this document or isolate the automation network from all other networks using an air gap.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.