Description
The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC CONTROLLER Certification Authority certificate, which allows remote attackers to spoof the S7-1200 web server by using this key to create a forged certificate.
References (3)
Core References
Third Party Advisory: http://en.securitylab.ru/lab/PT-2012-48
Broken Link, Vendor Advisory: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-240718.pdf
Broken Link, Third Party Advisory, US Government Resource: http://www.us-cert.gov/control_systems/pdf/ICSA-12-263-01.pdf
Scores
EPSS: 0.0043
EPSS Percentile: 62.8%
Details
CWE: CWE-295
Status: published
Products (9)
siemens/simatic_s7-1200_cpu_1211c_firmware: 2.0.0 - 3.0.0
siemens/simatic_s7-1200_cpu_1212c_firmware: 2.0.0 - 3.0.0
siemens/simatic_s7-1200_cpu_1212fc_firmware: 2.0.0 - 3.0.0
siemens/simatic_s7-1200_cpu_1214_fc_firmware: 2.0.0 - 3.0.0
siemens/simatic_s7-1200_cpu_1214c_firmware: 2.0.0 - 3.0.0
siemens/simatic_s7-1200_cpu_1215_fc_firmware: 2.0.0 - 3.0.0
siemens/simatic_s7-1200_cpu_1215c_firmware: 2.0.0 - 3.0.0
siemens/simatic_s7-1200_cpu_1217c_firmware: 2.0.0 - 3.0.0
siemens/simatic_s7-1200_firmware: 2.0.0 - 3.0.0
Published: Sep 25, 2012
Tracked Since: Feb 18, 2026