As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
- CVSS v4 8.7
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC S7-1200 CPU V1/V2 Devices
- Vulnerabilities: Improper Input Validation, Authentication Bypass by Capture-replay
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to trigger functions by recording and replaying legitimate network communication, or to place the controller in a stop/defect state by causing a communications error.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens reports that the following products are affected:
- SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants): All versions before 2.0.3 (CVE-2011-20001)
- SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants): All versions before 2.0.2 (CVE-2011-20002)
- SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants): All versions before 2.0.3 (CVE-2011-20001)
- SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants): All versions before 2.0.2 (CVE-2011-20002)
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER INPUT VALIDATION CWE-20
The web server interface of affected devices improperly processes incoming malformed HTTP traffic arriving at a high rate. This could allow an unauthenticated remote attacker to force the device into the stop/defect state, creating a denial-of-service condition.
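The traffic pattern behind CWE-20 here is a burst of malformed HTTP requests aimed at the controller's web server, which is something network monitoring in front of the PLC can see. The following is an added example, not part of this advisory and not Siemens or CISA tooling: a sliding-window detector that reads sensor-style log lines and raises one alert per source address once it has sent more than a threshold of malformed requests to a PLC web interface inside the window. The log format, the PLC address `10.0.2.10`, the window length and the threshold are all assumptions, and the sample lines are constructed.

```python
"""Detect bursts of malformed HTTP requests toward a PLC web interface.

Added illustration of a defensive check for the condition in 3.2.1; it is
not code from the CISA advisory or from Siemens.  The log format, host
addresses, window and threshold below are assumptions for the example.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

PLC_WEB_HOSTS = {"10.0.2.10"}      # assumed: address of the S7-1200 web server
WINDOW = timedelta(seconds=10)     # assumed: sliding window length
THRESHOLD = 5                      # assumed: malformed requests per window that trip an alert

# Constructed sample log (assumed format):
#   <ISO timestamp> <src_ip> <dst_ip>:<dst_port> <status>
# where status is "ok" for a parseable request and "malformed" when the
# sensor could not parse the request line or headers.
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.1.5 10.0.2.10:80 ok
2024-01-01T10:00:01 10.0.1.5 10.0.2.10:80 malformed
2024-01-01T10:00:03 10.0.1.9 10.0.2.10:80 malformed
2024-01-01T10:00:03 10.0.1.9 10.0.2.10:80 malformed
2024-01-01T10:00:04 10.0.1.9 10.0.2.10:80 malformed
2024-01-01T10:00:04 10.0.1.9 10.0.2.10:80 malformed
2024-01-01T10:00:05 10.0.1.9 10.0.2.10:80 malformed
2024-01-01T10:00:06 10.0.1.9 10.0.2.10:80 malformed
2024-01-01T10:00:30 10.0.1.5 10.0.2.10:80 malformed
2024-01-01T10:00:31 10.0.1.5 10.0.3.7:80 malformed
2024-01-01T10:00:31 10.0.1.5 10.0.3.7:80 malformed
"""


def parse_line(line):
    """Split one log line into (timestamp, src_ip, dst_ip, dst_port, status)."""
    ts, src, dst, status = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst_ip, int(dst_port), status


def detect_malformed_bursts(log_text, hosts=PLC_WEB_HOSTS,
                            window=WINDOW, threshold=THRESHOLD):
    """Return one alert per source that sends >= threshold malformed
    requests to a monitored PLC host within any sliding window."""
    recent = defaultdict(deque)   # src_ip -> timestamps of recent malformed requests
    alerted = set()               # sources already reported, to avoid alert floods
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst_ip, _port, status = parse_line(line)
        # Only malformed traffic toward the PLC web interface is of interest;
        # well-formed requests and other destinations are ignored.
        if dst_ip not in hosts or status != "malformed":
            continue
        q = recent[src]
        q.append(ts)
        # Evict timestamps that have fallen out of the window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({"src": src, "dst": dst_ip,
                           "count": len(q), "at": ts.isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect_malformed_bursts(SAMPLE_LOG):
        print(f"ALERT malformed HTTP burst from {alert['src']} to "
              f"{alert['dst']}: {alert['count']} requests by {alert['at']}")
```

On the constructed sample, only `10.0.1.9` trips the rule: it sends six malformed requests within three seconds, so the alert fires on the fifth at `10:00:05`. The single malformed requests from `10.0.1.5` are too far apart to share a window, and its traffic to `10.0.3.7` is not aimed at a monitored PLC host, so neither raises an alert. Alerting once per source keeps the detector from generating one event per packet during a sustained burst; a production rule would also clear the `alerted` entry after a quiet period so a repeat burst is reported again.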