Jun 14, 2011 18:45 GMT

Siemens has released a firmware update for its SIMATIC S7-1200 product in order to address two vulnerabilities that can be exploited to intercept data or crash the programmable logic controller (PLC).

The first weakness allows potential attackers to record communications transmitted by the engineering software to the SIMATIC S7-1200 controller using freely available open source software.

The recorded instructions can then be replayed to the controller at a later time. This is a serious issue because the recorded command can be, for example, STOP.

The vulnerability can be exploited regardless of whether the PLC is password protected. However, assigning a unique password to each controller limits a recorded session to the controller it was captured from, since it cannot be replayed against other units.

"The answer to this scenario is that a password protected S7-1200 will, in the future (with the firmware update), no longer respond to recorded frames transmitted to the controller at a later time," Siemens writes in its advisory.

The second issue addressed by the update is a denial of service vulnerability which allows attackers to overload the communication interface of the S7-1200 controller from the network. A successful attack will put the PLC in a stop/defect state.

"As a countermeasure, the weakness can be mitigated by disabling the CPU's web server. This only affects SIMATIC S7-1200 CPU Firmware Version 02.00.02," the company says.

The vulnerability carries a CVSS base score of 7.9 out of 10. Siemens gives credit to NSS Labs and the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) for investigating the issue.

Siemens still needs to patch serious vulnerabilities discovered recently by NSS Labs security researcher Dillon Beresford in its products. The expert planned to show his findings at the TakeDownCon security conference but canceled the talk at the request of Siemens and ICS-CERT. He is now scheduled to demo the exploits at the Black Hat security conference.