-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                              ASB-2012.0129.2
    A vulnerability has been identified in Siemens SIMATIC S7-1200 PLC
                             27 September 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Siemens SIMATIC S7-1200 PLC
Operating System:     Network Appliance
Impact/Access:        Provide Misleading Information -- Remote with User Interaction
                      Access Confidential Data       -- Remote with User Interaction
Resolution:           Mitigation
CVE Names:            CVE-2012-3011  
Member content until: Thursday, October 18 2012

Revision History:     September 27 2012: Added CVE reference
                      September 18 2012: Initial Release

OVERVIEW

        A vulnerability has been identified in Siemens SIMATIC S7-1200 PLC
        version 2.x. [1]


IMPACT

        The vendor has provided the following details regarding this 
        vulnerability:
        
        "For the convenience of the customer, a Certificate Authority (CA) for 
        HTTPS connections is installed on the Siemens SIMATIC S7-1200 PLC. The 
        user has the option to trust this CA which, if selected, installs the 
        certificate into the browser's certificate store. Once the user completes 
        this step, the browser will trust any other S7-1200 V2.x PLC on the 
        network.
        
        A researcher has demonstrated the ability to obtain the private key 
        of the S7-1200 CA (SIMATIC CONTROLLER). With this private key, an 
        attacker is able to create his own certificate. Using this forged 
        certificate, it is possible to spoof any SSL server certificate and
        conduct man-in-the-middle attacks on a user's browser that is currently 
        trusting this CA." [1]


MITIGATION

        The vendor has provided the following mitigation to reduce the risk of
        this vulnerability:
        
        "Siemens strongly recommends the user uninstall the CA keys from the 
        browser's certificate store. Once this is performed, warning messages 
        will occur when attempting to connect to an S7-1200 PLC. The user can 
        manually confirm the identity of the PLC and its certificate and accept 
        it via the browser. This has to be done once for each S7-1200 PLC on 
        the network." [1]
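
        The per-device confirmation described above can be scripted as a
        fingerprint pin check. This is an added example, not code from Siemens
        or AusCERT; the function names, the 192.0.2.x addresses and the sample
        certificate bytes are constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def check_pin(host: str, der: bytes, pins: dict) -> str:
    """Return 'ok', 'mismatch' or 'unpinned' for the certificate a host presented."""
    expected = pins.get(host)
    if expected is None:
        return "unpinned"  # never confirmed at the device: do not trust yet
    expected = expected.replace(":", "").replace(" ", "").lower()
    return "ok" if hmac.compare_digest(expected, fingerprint(der)) else "mismatch"


def fetch_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the certificate a PLC presents. Chain validation is off on purpose:
    the issuer is no longer trusted, so trust comes from the pin alone."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    # Constructed stand-ins for DER certificates; with real devices use fetch_der().
    genuine = b"constructed DER bytes: certificate read at the PLC"
    forged = b"constructed DER bytes: certificate issued with the leaked CA key"
    pins = {"192.0.2.10": fingerprint(genuine)}  # constructed inventory
    for label, der in (("genuine", genuine), ("forged", forged)):
        print(label, check_pin("192.0.2.10", der, pins))
    print("new device", check_pin("192.0.2.11", genuine, pins))
```

        A certificate that chains to the compromised CA still fails this check,
        because the comparison covers the exact certificate bytes and ignores
        the issuer.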


REFERENCES

        [1] SSA-240718: Insecure storage of HTTPS CA certificate in S7-1200
            V2.x
            http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-240718.pdf

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----