Authentication Bypass in Siemens SIMATIC S7-1200 CPU Family
CVE-2021-37172

7.5HIGH

Key Information:

Vendor: Siemens
Status: Simatic S7-1200 Cpu Family (incl. Siplus Variants)
Vendor: CVE Published:; 10 August 2021

Summary

A significant vulnerability exists in the Siemens SIMATIC S7-1200 CPU family, specifically affecting versions provisioned with TIA Portal V13. Devices configured with V4.5.0 fail to properly authenticate against set passwords, allowing attackers using TIA Portal V13 or later versions to bypass security measures. This could enable unauthorized users to download and execute arbitrary programs on the programmable logic controllers (PLCs). It is important to note that this vulnerability does not impact devices provisioned using TIA Portal V13 SP1 or subsequent versions.

Affected Version(s)

SIMATIC S7-1200 CPU family (incl. SIPLUS variants) V4.5.0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-83019...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 10, 2021
Vulnerability Reserved
Jul 21, 2021