Multiple Vulnerabilities in SIMATIC S7-1200 CPU V1/V2 Devices
Status: Plan Patch · CVSS 7.5 · Siemens advisory SSA-625789 · Published Jun 10, 2011
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
SIMATIC S7-1200 CPU V1/V2 controllers contain two vulnerabilities in the handling of Modbus TCP communication. An unauthenticated attacker with network access to the controller can (1) replay captured network packets to trigger control functions, or (2) inject invalid packets to provoke a communications error that places the controller in a stop/defect state. Neither vulnerability requires credentials or user interaction.
What this means
What could happen
An attacker with network access could replay recorded network messages to trigger unwanted control functions, or cause the PLC to enter a stop/defect state and halt operations until the controller is manually restarted.
Who's at risk
Water utilities, electric utilities, and any industrial facility operating SIMATIC S7-1200 CPU controllers in V1 or V2 variants (including SIPLUS ruggedized versions) should prioritize assessment. These controllers are commonly used in pump stations, treatment processes, substation automation, and process control applications where unexpected command execution or process shutdown could impact public service delivery.
How it could be exploited
An attacker on the network can capture legitimate Modbus TCP traffic to the S7-1200 CPU and replay it unchanged to re-execute the recorded commands (for example a setpoint change or a stop command), or inject malformed packets to trigger a communications error that stops the controller. Because the protocol handling performs no authentication or freshness check, the controller cannot distinguish a replayed message from a genuine one.
Prerequisites
- Network access to the S7-1200 CPU on port 502 (Modbus TCP)
- Ability to capture or craft valid network packets addressing the controller
- No authentication required
Tags: remotely exploitable · no authentication required · low complexity · affects PLC availability and command execution
Exploitability
Low exploit probability (EPSS 0.1%). EPSS estimates the likelihood of exploitation activity in the wild over the next 30 days and says nothing about impact; a low score does not lower the priority of an unauthenticated, network-reachable PLC that can be stopped or commanded by replay.
Affected products (4, all with a fix available)

Product                                               | Affected Versions | Fix Status
SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) | < 2.0.3           | fixed in 2.0.3
SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) | < 2.0.2           | fixed in 2.0.2
SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants) | < 2.0.3           | fixed in 2.0.3
SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants) | < 2.0.2           | fixed in 2.0.2
Remediation & Mitigation (0 of 4 actions completed)

Do now
HARDENING: If immediate patching is not possible, implement network segmentation so that the S7-1200 controllers (Modbus TCP, port 502) are reachable only from the HMI and engineering stations that need them, and not from untrusted network segments.

Schedule (requires a maintenance window; patching may require a device reboot, so plan for process interruption)
HOTFIX: Update SIMATIC S7-1200 CPU V1 devices to firmware version 2.0.3 or later.
HOTFIX: Update SIMATIC S7-1200 CPU V2 devices to firmware version 2.0.3 or later.

Long-term hardening
HARDENING: Monitor network traffic to the S7-1200 for malformed or replayed Modbus TCP packets.
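The two attack patterns described under "How it could be exploited" and the monitoring step above can be checked with a small passive inspector over Modbus TCP frames. The following Python is an added example written for this page; it is not Siemens code and not part of the advisory. It relies only on the public Modbus TCP framing (7-byte MBAP header: transaction ID, protocol ID that must be 0, length of the bytes that follow, unit ID; then a function code and data). The "replay" heuristic (an exact repeat of an earlier state-changing request, including its transaction ID, possibly from a different source host) and the sample traffic are assumptions constructed for illustration, not traffic from a real S7-1200.

```python
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Function codes that change PLC state. A replayed copy of one of these is what the
# advisory calls "triggering control functions".
WRITE_FUNCTIONS = {0x05, 0x06, 0x0F, 0x10, 0x16, 0x17}

MBAP_LEN = 7      # transaction id (2) + protocol id (2) + length (2) + unit id (1)
MAX_PDU = 253     # Modbus PDU limit; the MBAP length field counts unit id + PDU


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    data: bytes


def parse_request(frame: bytes) -> ModbusRequest:
    """Parse MBAP header + PDU; raise ValueError for anything a sane client never sends."""
    if len(frame) < MBAP_LEN + 1:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if proto != 0:
        raise ValueError(f"protocol id {proto} (Modbus requires 0)")
    if length != len(frame) - 6:
        raise ValueError(f"length field {length} but {len(frame) - 6} bytes follow")
    if length > MAX_PDU + 1:
        raise ValueError(f"length field {length} exceeds the Modbus PDU limit")
    function = frame[MBAP_LEN]
    if function == 0 or function & 0x80:
        raise ValueError(f"function code 0x{function:02x} is not a valid request")
    return ModbusRequest(tid, unit, function, frame[MBAP_LEN + 1:])


@dataclass
class ReplayDetector:
    # (tid, unit, function, data) of every write request seen -> source that first sent it
    seen_writes: Dict[Tuple[int, int, int, bytes], str] = field(default_factory=dict)

    def inspect(self, src: str, frame: bytes) -> Optional[str]:
        """Return an alert string for a malformed or replayed frame, else None."""
        try:
            req = parse_request(frame)
        except ValueError as exc:
            return f"MALFORMED from {src}: {exc}"
        if req.function not in WRITE_FUNCTIONS:
            return None
        key = (req.transaction_id, req.unit_id, req.function, req.data)
        if key in self.seen_writes:
            return (f"REPLAY from {src}: write fc=0x{req.function:02x} "
                    f"tid={req.transaction_id} data={req.data.hex()} "
                    f"first seen from {self.seen_writes[key]}")
        self.seen_writes[key] = src
        return None


def build_request(tid: int, unit: int, function: int, data: bytes,
                  proto: int = 0, length: Optional[int] = None) -> bytes:
    """Build a Modbus TCP frame; proto/length overrides let us craft invalid ones."""
    pdu = bytes([function]) + data
    if length is None:
        length = 1 + len(pdu)
    return struct.pack(">HHHB", tid, proto, length, unit) + pdu


# Constructed sample traffic (source IP, frame); not a real capture.
SETPOINT_WRITE = build_request(1, 1, 0x06, struct.pack(">HH", 0x0010, 500))
SAMPLE_TRAFFIC: List[Tuple[str, bytes]] = [
    ("10.0.0.5", SETPOINT_WRITE),                                          # HMI sets register 0x10 = 500
    ("10.0.0.5", build_request(2, 1, 0x03, struct.pack(">HH", 0x0000, 10))),  # HMI reads 10 registers
    ("10.0.0.5", build_request(3, 1, 0x06, struct.pack(">HH", 0x0010, 750))),  # new tid, new value: fine
    ("10.0.0.99", SETPOINT_WRITE),                                         # byte-identical replay
    ("10.0.0.99", build_request(5, 1, 0x06, b"\x00\x10\x00\x00", proto=1)),   # wrong protocol id
    ("10.0.0.99", build_request(6, 1, 0x06, b"\x00\x10\x00\x00", length=0xF0)),  # length lies
    ("10.0.0.99", build_request(7, 1, 0x10, b"\x00" * 300)),               # oversized PDU
]


def analyze(traffic: List[Tuple[str, bytes]]) -> List[str]:
    detector = ReplayDetector()
    alerts = []
    for src, frame in traffic:
        alert = detector.inspect(src, frame)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for line in analyze(SAMPLE_TRAFFIC):
        print(line)
```

Running it over the constructed traffic yields one REPLAY alert (the byte-identical setpoint write arriving from a second host) and three MALFORMED alerts; the legitimate follow-up write with a fresh transaction ID and a different value is not flagged. In production the same logic would be fed from a span-port capture (for example via a pcap reader) and the transaction-ID window should be bounded so the table does not grow without limit.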
CVEs (2)
API: /api/v1/advisories/df6095da-ff82-414e-b0b0-def68e1e34fe