Replay Vulnerability in SIMATIC S7-1200 Series by Siemens
CVE-2011-20002

8.3HIGH

Key Information:

Vendor: Siemens
Status: Simatic S7-1200 Cpu V1 Family (incl. Siplus Variants); Simatic S7-1200 Cpu V2 Family (incl. Siplus Variants)
Vendor: CVE Published:; 14 October 2025

What is CVE-2011-20002?

A security flaw exists in the SIMATIC S7-1200 CPU series from Siemens, particularly affecting versions prior to V2.0.2. The vulnerability allows an on-path adversary to intercept and replay communications between engineering software and the controllers. This could enable unauthorized execution of previously recorded commands, such as stopping a controller, without requiring password authentication. The implications are significant, potentially leading to unauthorized control over industrial processes.

Affected Version(s)

SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) 0

SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants) 0

References

https://cert-portal.siemens.com/productcert/html/ssa-6257...

CVSS V4

Score:

8.3

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
May 22, 2025

JSON