OTPulse

Vulnerabilities in SIMATIC S7-1200 and SIMATIC S7-1500 CPU Families

Monitor | CVSS 5.3 | SSA-232418 | Aug 13, 2019
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Two vulnerabilities were identified in the SIMATIC S7-1200/S7-1500 CPU families and related products:
  • CVE-2019-10943: An attacker with network access could modify the user program stored on affected devices such that the running code differs from the source code, potentially undetectable through standard code verification.
  • CVE-2019-10929: An attacker in a man-in-the-middle position could modify network traffic on port 102/tcp exchanged between engineering workstations and the devices.

Siemens has released firmware updates for several products. For products where updates are not available, network segmentation and access controls are required as compensating measures.

What this means
What could happen
An attacker with network access could modify the user program on S7-1200 and S7-1500 PLCs without detection, causing the running code to differ from what was intended, or intercept and alter network traffic on port 102 to change program parameters or operations. This could disrupt or alter industrial processes in manufacturing and transportation systems.
Who's at risk
Manufacturing and transportation operators running SIMATIC S7-1200 or S7-1500 CPU families, including ET 200SP Open Controller variants and Software Controller instances. Also affects those using SIPLUS variants, S7-PLCSIM Advanced simulation environments, and SIMATIC Drive Controller systems. This impacts any facility where these Siemens PLCs control critical processes.
How it could be exploited
An attacker on the network could send modified program uploads to port 102/tcp on the PLC, or position themselves between the engineering workstation and the PLC to intercept and alter the program being downloaded or the configuration commands being sent. The modified program would run on the device without the source code matching the actual running code, making detection difficult.
Prerequisites
  • Network access to port 102/tcp on the affected PLC
  • For CVE-2019-10929 (MITM attack): Position in the network path between engineering workstation and PLC, or ability to intercept traffic on the network segment
  • remotely exploitable
  • low complexity
  • no authentication required for CVE-2019-10943
  • man-in-the-middle capable attack vector
  • affects core PLC program integrity
  • partial fix availability (some products unfixable)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (12)
5 with fix | 4 pending | 3 EOL

Product | Affected Versions | Fix Status
SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) | ≥ V20.8 | No fix (EOL)
SIMATIC Drive Controller family | All versions | No fix (EOL)
SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) | < V20.8 | 20.8
SIMATIC S7-1200 CPU family (incl. SIPLUS variants) | < V4.4.0 | 4.4.0
SIMATIC S7-1200 CPU family (incl. SIPLUS variants) | ≥ V4.4.0 | No fix yet
SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) | All versions | No fix (EOL)
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) | < V2.8.1 | 2.8.1
SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) | ≥ V2.8.1 | No fix yet
Remediation & Mitigation
Do now
  • HARDENING: For products where no fix is available (ET 200SP 1515SP PC, S7-1200 >= V4.4.0, S7-1500 >= V2.8.1, Drive Controller), implement network segmentation and restrict access to port 102/tcp to authorized engineering workstations only
  • HARDENING: Implement network monitoring and firewall rules to detect and block unauthorized traffic on port 102/tcp to and from affected PLCs
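
One way to implement the monitoring half of these two hardening items, as an added example that is not part of the advisory or of any Siemens tooling: it checks flow records for 102/tcp traffic to or from the PLC segment whose other endpoint is not an authorized engineering workstation. The addresses, the flow-record format and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Assumed site inventory (constructed values from documentation address ranges).
PLC_NET = ipaddress.ip_network("192.0.2.0/28")   # segment holding the affected CPUs
ENGINEERING_WS = {ipaddress.ip_address(a) for a in ("198.51.100.10", "198.51.100.11")}
S7_PORT = 102

# Constructed flow records: "timestamp src_ip src_port dst_ip dst_port proto"
SAMPLE_FLOWS = """\
2019-08-13T08:00:01Z 198.51.100.10 49152 192.0.2.5 102 tcp
2019-08-13T08:00:07Z 198.51.100.77 50211 192.0.2.5 102 tcp
2019-08-13T08:01:30Z 192.0.2.5 102 198.51.100.10 49152 tcp
2019-08-13T08:02:02Z 192.0.2.6 102 203.0.113.9 40000 tcp
2019-08-13T08:03:15Z 198.51.100.77 50300 192.0.2.5 443 tcp
malformed line
"""

def parse_flow(line):
    """Return (ts, src, sport, dst, dport, proto) or None for unparseable lines."""
    parts = line.split()
    if len(parts) != 6:
        return None
    try:
        return (parts[0], ipaddress.ip_address(parts[1]), int(parts[2]),
                ipaddress.ip_address(parts[3]), int(parts[4]), parts[5].lower())
    except ValueError:
        return None

def unauthorized_s7_flows(text):
    """List (timestamp, peer, plc) for 102/tcp flows whose non-PLC peer is not allow-listed."""
    alerts = []
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None or flow[5] != "tcp":
            continue
        ts, src, sport, dst, dport, _ = flow
        if dst in PLC_NET and dport == S7_PORT:      # traffic to the PLC
            peer, plc = src, dst
        elif src in PLC_NET and sport == S7_PORT:    # replies from the PLC
            peer, plc = dst, src
        else:
            continue
        if peer not in ENGINEERING_WS:
            alerts.append((ts, str(peer), str(plc)))
    return alerts

if __name__ == "__main__":
    for ts, peer, plc in unauthorized_s7_flows(SAMPLE_FLOWS):
        print("ALERT unauthorized 102/tcp peer %s <-> PLC %s at %s" % (peer, plc, ts))
```

The same allow-list should drive the firewall rule set, so that anything this check reports is traffic the segmentation was supposed to have dropped.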
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SIMATIC S7-1500 Software Controller
  • HOTFIX: Update SIMATIC S7-1500 Software Controller to version 20.8 or later
SIMATIC S7-PLCSIM Advanced
  • HOTFIX: Update SIMATIC S7-PLCSIM Advanced to version 3.0 or later
All products
  • HOTFIX: Update SIMATIC S7-1200 CPU family to version 4.4.0 or later
  • HOTFIX: Update SIMATIC S7-1500 CPU family to version 2.8.1 or later
  • HOTFIX: Update SIMATIC ET 200SP Open Controller CPU 1515SP PC2 to version 20.8 or later
Vulnerabilities in SIMATIC S7-1200 and SIMATIC S7-1500 CPU Families | CVSS 5.3 - OTPulse