SSA-830194 — Vulnetix

SSA-830194 PUBLISHED CVSS 8.100000381469727 HIGH

SIMATIC S7-1200 PLC, version V4.5.0 fails to authenticate against configured passwords when the affected device was provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V13 or later versions to bypass authentication and download arbitrary programs to the PLC. Siemens has released an update for SIMATIC S7-1200 and recommends to update to the latest version.

Risk Scores

CVSS 3.1

8.100000381469727

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Affected Products

Vendor	Product	Versions
	SIMATIC S7-1200 CPU family (incl. SIPLUS variants)

Exploit Intelligence

https://cert-portal.siemens.com/productcert/pdf/ssa-830194.pdf (circl)
https://cert-portal.siemens.com/productcert/txt/ssa-830194.txt (circl)
https://cert-portal.siemens.com/productcert/csaf/ssa-830194.json (circl)
https://support.industry.siemens.com/cs/ww/en/view/109793280/ (circl)

Timeline

CVE Published

References

https://cert-portal.siemens.com/productcert/pdf/ssa-830194.pdf advisory
https://cert-portal.siemens.com/productcert/txt/ssa-830194.txt advisory
https://cert-portal.siemens.com/productcert/csaf/ssa-830194.json advisory
https://support.industry.siemens.com/cs/ww/en/view/109793280/ fix

Open in Interactive Console →