Vulnerability in Siemens SIMATIC S7-1200 PLC Allows Spoofing Attacks through Management Certificate Exploits
CVE-2012-3037

Currently unrated

Key Information:

Vendor: Siemens
Status: Simatic S7-1200 Firmware
Vendor: CVE Published:; 25 September 2012

Summary

The Siemens SIMATIC S7-1200 PLC 2.x is vulnerable due to inadequate protection of the private key associated with the SIMATIC CONTROLLER Certification Authority certificate. This vulnerability allows remote attackers to exploit the weak security measures to create forged certificates, enabling them to spoof the web server of the S7-1200. Consequently, this poses significant risks to the integrity and confidentiality of the operational environment, as attackers can impersonate trusted components, potentially leading to unauthorized access and manipulation.

References

http://www.siemens.com/corporate-technology/pool/de/forsc...

x_refsource_CONFIRM

http://www.us-cert.gov/control_systems/pdf/ICSA-12-263-01...

x_refsource_MISC

http://en.securitylab.ru/lab/PT-2012-48

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 25, 2012