SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-483967349] Siemens SIMATIC S7-1200 CPU Protection Mechanism Failure

| Date | Type | Platform | Author | EDB-ID | CVE-ID | OSVDB-ID | Download App | SIS Signature |
|---|---|---|---|---|---|---|---|---|
| 2016-03-15 | PLC | Siemens SIMATIC S7-1200 CPU family: All versions < V4.0 | Maik Bruggemann and Ralf Spenneberg | N/A | 2016-2846 | N/A | N/A | N/A |

Source

#
# Siemens SIMATIC S7-1200 CPU Protection Mechanism Failure
#


### OVERVIEW

Siemens has identified a protection mechanism failure vulnerability in old firmware versions of SIMATIC S7-1200. Maik Bruggemann and Ralf Spenneberg from Open Source Training reported this issue directly to Siemens. Siemens provides the SIMATIC S7-1200 CPU product release V4.0 or newer to mitigate this vulnerability and recommends keeping the firmware up to date.

This vulnerability could be exploited remotely.


### AFFECTED PRODUCTS

Siemens reports that the vulnerability affects the following SIMATIC products:

SIMATIC S7-1200 CPU family: All versions prior to V4.0




### IMPACT

An attacker who exploits this vulnerability could circumvent user program block protection.

Impact to individual organizations depends on many factors that are unique to each organization. NCCIC/ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.




### BACKGROUND

Siemens is a multinational company headquartered in Munich, Germany.

The affected products, the Siemens SIMATIC S7-1200 CPU family, are designed for discrete and continuous control in industrial environments. According to Siemens, the Siemens SIMATIC S7-1200 CPU family is deployed across several sectors including Chemical, Critical Manufacturing, and Food and Agriculture. Siemens estimates that these products are used worldwide.




### VULNERABILITY CHARACTERIZATION


# VULNERABILITY OVERVIEW

PROTECTION MECHANISM FAILURE

SIMATIC S7-1200 CPU firmware prior to Version 4.0 could possibly allow an attacker to circumvent user program block protection under certain circumstances.

CVE-2016-2846 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).




### VULNERABILITY DETAILS


# EXPLOITABILITY

This vulnerability could be exploited remotely.


# EXISTENCE OF EXPLOIT

No known public exploits specifically target this vulnerability.


# DIFFICULTY

An attacker with low skill would be able to exploit this vulnerability.




### MITIGATION

Siemens recommends firmware release Version 4.0 or later for SIMATIC S7-1200 CPUs. Siemens also recommends keeping firmware up to date and setting the PLC functionality "Access protection" to read/write protection. The latest firmware releases can be found here:

http://support.automation.siemens.com/WW/view/en/106200276

For more information on this vulnerability and detailed instructions, please see Siemens Security Advisory SSA-833048 at the following location:

http://www.siemens.com/cert/advisories

As a general security measure, Siemens strongly recommends protecting network access to the web interface of S7-1200 CPUs with appropriate mechanisms. Siemens advises configuring the environment according to Siemens operational guidelines in order to run the devices in a protected IT environment.