An insecure HTTPS certificate storage vulnerability in Siemens’ S7-1200 v2.x. Siemens has provided guidance to mitigate this vulnerability. This vulnerability could be exploited remotely.

Siemens reports that the vulnerability affects the following products:

An attacker may obtain a private key of the S7-1200 certificate authority for HTTPS and use it to create a forged certificate that can then be used in a Man-in-the-Middle attack. Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.

Products in the Siemens SIMATIC S7-1200 programmable logic controller (PLC) family have been designed for process control in industrial environments such as manufacturing, power generation and distribution, food and beverages, and chemical industries worldwide.

Vulnerability Characterization

Vulnerability Overview

Insecure Storage of HTTPS CA Certificate

The certificate authority (CA) for HTTPS connections, which is installed on Siemens SIMATIC S7-1200 PLC, stores its private key insecurely. This key is used for signing certificates.