OTPulse

Siemens SIMATIC S7-1200 (Update A)

Plan Patch
CVSS score: 8.1
ICS-CERT advisory: ICSA-21-222-09
Published: Aug 10, 2021
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

SIMATIC S7-1200 PLC firmware V4.5.0 contains an authentication bypass vulnerability when the device was provisioned using TIA Portal V13. An attacker with network access and TIA Portal V13 or later can exploit this flaw to download arbitrary programs to the PLC, bypassing the configured password protection. This affects the S7-1200 CPU family including SIPLUS variants. Siemens has released firmware version 4.5.1 to correct this issue. The vulnerability is not currently known to be exploited in the wild, and successful exploitation requires high attack complexity.

What this means
What could happen
An attacker with TIA Portal V13 or later could bypass password authentication on affected S7-1200 PLCs and load malicious programs, potentially altering production sequences, stopping processes, or damaging equipment.
Who's at risk
Manufacturing facilities and utilities using Siemens SIMATIC S7-1200 PLCs (including SIPLUS industrial variants) for process control, packaging, motor control, or any critical automation. The risk is highest if devices were provisioned with TIA Portal V13 while running firmware V4.5.0.
How it could be exploited
An attacker with network access to the PLC and a copy of TIA Portal V13 or later can exploit the authentication bypass to download and run arbitrary PLC programs without knowing the configured password. This requires that the PLC was originally provisioned with TIA Portal V13 while running firmware V4.5.0.
Prerequisites
  • Network access to the SIMATIC S7-1200 PLC (typically port 102 for S7 communication)
  • Attacker has TIA Portal V13 or later installed
  • Affected PLC is running firmware V4.5.0
  • PLC was provisioned (set up) using TIA Portal V13 while on firmware V4.5.0
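The preconditions above can be turned into an inventory check. The following is an added example, not OTPulse code: it walks a constructed list of PLC records and reports which ones match the advisory (firmware V4.5.0 provisioned with TIA Portal V13) and what each needs. It assumes, based on the V13 SP1 workaround on this page, that "provisioned with V13" means the V13 release without a service pack.

```python
"""Triage helper for ICSA-21-222-09 (added example, not OTPulse code)."""
from dataclasses import dataclass

AFFECTED_FIRMWARE = (4, 5, 0)   # V4.5.0, per the advisory
FIXED_FIRMWARE = (4, 5, 1)      # V4.5.1, per the advisory


@dataclass
class Plc:
    name: str
    family: str            # e.g. "S7-1200" or "SIPLUS S7-1200"
    firmware: str          # e.g. "V4.5.0"
    provisioned_with: str  # TIA Portal version used at provisioning, e.g. "V13"


def parse_version(text: str) -> tuple[int, ...]:
    """'V4.5.0' -> (4, 5, 0); drops a leading 'V' and any ' SPn' suffix."""
    core = text.strip().lstrip("Vv").split()[0]
    return tuple(int(p) for p in core.split("."))


def tia_is_v13_rtm(text: str) -> bool:
    """True only for bare TIA Portal V13 (assumption: SP1+ counts as safe)."""
    parts = text.strip().lstrip("Vv").split()
    return parts[0] == "13" and len(parts) == 1


def triage(plc: Plc) -> str:
    """Classify one device against the advisory's conditions."""
    if "S7-1200" not in plc.family:
        return "out of scope"
    fw = parse_version(plc.firmware)
    if fw >= FIXED_FIRMWARE:
        return "fixed"
    if fw != AFFECTED_FIRMWARE:
        return "not listed as affected"
    if tia_is_v13_rtm(plc.provisioned_with):
        return "VULNERABLE: update firmware to V4.5.1"
    return "affected firmware, precondition not met: update firmware to V4.5.1"


def triage_inventory(plcs: list[Plc]) -> dict[str, str]:
    return {p.name: triage(p) for p in plcs}


# Constructed sample inventory; names and versions are illustrative only.
SAMPLE_INVENTORY = [
    Plc("PLC-PACK-01", "S7-1200", "V4.5.0", "V13"),
    Plc("PLC-PACK-02", "SIPLUS S7-1200", "V4.5.0", "V13 SP1"),
    Plc("PLC-MOTOR-03", "S7-1200", "V4.5.1", "V13"),
    Plc("PLC-LINE-04", "S7-1200", "V4.4.0", "V13"),
    Plc("PLC-MAIN-05", "S7-1500", "V2.9.2", "V16"),
]

if __name__ == "__main__":
    for name, verdict in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{name}: {verdict}")
```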
Risk factors
  • Remotely exploitable over network
  • No authentication required (bypass vulnerability)
  • High CVSS score (8.1)
  • Low complexity attack (once preconditions met)
  • Affects critical control system devices
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product                                             Affected Versions   Fix Status
SIMATIC S7-1200 CPU family (incl. SIPLUS variants)  V4.5.0              4.5.1
Remediation & Mitigation
Do now
WORKAROUND: If you cannot update firmware immediately, update TIA Portal to version 13 SP1 or later before re-provisioning any S7-1200 devices
HARDENING: Restrict network access to S7-1200 PLCs using firewall rules; do not expose port 102 to untrusted networks or the Internet
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update SIMATIC S7-1200 firmware to version 4.5.1 or later
Long-term hardening
HARDENING: Isolate PLC networks from the business network using network segmentation and air-gapping where possible