VULNERABILITIES / FIXES - September 14, 2012
by Carol~ - 9/14/12 6:03 AM
Siemens SIMATIC S7-1200 SSL Private Key Reuse Security Issue
Release Date : 2012-09-14
Criticality level : Less critical
Impact : Spoofing
Where : From local network
Solution Status : Unpatched
Operating System : Siemens SIMATIC S7-1200 2.x
A security issue has been reported in Siemens SIMATIC S7-1200, which can be exploited by malicious people to conduct spoofing attacks.
The security issue is caused due to the use of a single SSL private key across multiple devices, which can be exploited to intercept and disclose encrypted traffic by spoofing another SIMATIC S7-1200 device.
The security issue is reported in versions 2.x.
Upgrade to version 3.x.
Provided and/or discovered by:
The vendor credits Dmitry Sklyarov, Positive Technologies.