Siemens SIMATIC S7-1200 CPUs V1 and V2 Capture-Replay Vulnerability

Vulnerability

A capture-replay vulnerability has been identified in Siemens SIMATIC S7-1200 CPU V1 and V2 families, including SIPLUS variants, all versions prior to V2.0.2. This vulnerability allows an on-path attacker to intercept and replay commands between the engineering software and the controller. As a result, the attacker could execute previously recorded commands at a later time, such as stopping the controller, regardless of whether a password was configured.
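The following added example (not Siemens code and not the S7 protocol) is a simplified model of why a configured password alone does not stop replay, next to a variant that binds each command to a fresh controller challenge. The class names, the `STOP` command encoding and the HMAC framing are all assumptions made for illustration.

```python
import hmac
import secrets

PASSWORD = b"constructed-demo-password"  # constructed sample secret, shared by both sides

def tag(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, so concatenation is unambiguous."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, "sha256").digest()

class StaticAuthController:
    """Hypothetical controller: the valid frame for a command never changes."""
    def __init__(self):
        self.state = "RUN"

    def handle(self, command: bytes, frame_tag: bytes) -> bool:
        if not hmac.compare_digest(frame_tag, tag(PASSWORD, command)):
            return False
        self.state = command.decode()
        return True

class ChallengeController(StaticAuthController):
    """Hypothetical hardened variant: commands are bound to a single-use challenge."""
    def __init__(self):
        super().__init__()
        self._challenge = None

    def new_challenge(self) -> bytes:
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def handle(self, command: bytes, frame_tag: bytes) -> bool:
        challenge, self._challenge = self._challenge, None  # consume: one use only
        if challenge is None or not hmac.compare_digest(frame_tag, tag(PASSWORD, challenge, command)):
            return False
        self.state = command.decode()
        return True

def replay_accepted(controller_cls) -> bool:
    """Send one legitimate STOP, then resend the identical recorded bytes later."""
    plc = controller_cls()
    fresh = getattr(plc, "new_challenge", None)
    parts = (fresh(),) if fresh else ()
    recorded = (b"STOP", tag(PASSWORD, *parts, b"STOP"))  # what an on-path observer captures
    assert plc.handle(*recorded)   # legitimate command from the engineering station
    plc.state = "RUN"              # operator restarts the controller
    if fresh:
        fresh()                    # controller issues a new challenge for the next exchange
    return plc.handle(*recorded)   # the same bytes, sent again
```

In the static model the recorded frame is accepted a second time even though the sender never knew the password; in the challenge model the same bytes are rejected because the tag was computed over a challenge that is no longer valid.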

Impact

Exploitation of this vulnerability could lead to unauthorized execution of commands on the affected controller, allowing an attacker to manipulate the controller's state or functions. For example, an attacker could stop the controller or cause it to enter a defect state, disrupting normal operations.

Remediation

Siemens has released new versions for the affected products and recommends updating to the latest versions. Specific product remediations can be found in the Siemens Security Advisory SSA-625789.

Added: Oct 14, 2025, 11:18 AM
Updated: Oct 14, 2025, 11:18 AM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 3.1
exploitability: 5.9
remediation: 7.7
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.