Publication Date: | |
Last Update: | |
Current Version: | V1.2 |
CVSS v3.1 Base Score: | 7.4 |
CVSS v4.0 Base Score: | 9.1 |
Affected Product and Versions | Remediation |
---|---|
All versions affected by CVE-2012-3037 | Currently no fix is planned |
Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:
Please follow the General Security Recommendations.
As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security) and following the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.
CVSS v3.1 Base Score | 7.4 |
CVSS v3.1 Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
CVSS v4.0 Base Score | 9.1 |
CVSS v4.0 Vector | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
CWE | CWE-321: Use of Hard-coded Cryptographic Key |
For the convenience of the customer, a Certificate Authority (CA) for HTTPS connections is installed on the SIMATIC S7-1200 V2 PLC. The user has the option to trust this CA; if selected, the CA certificate is installed into the browser's certificate store. Once the user completes this step, the browser will trust any other S7-1200 V2.x PLC on the network, because all of them use the same CA.
A researcher has demonstrated the ability to obtain the private key of the S7-1200 CA ("SIMATIC CONTROLLER"). With this private key, attackers are able to create their own certificates. Using such a forged certificate, it is possible to spoof any SSL server certificate and conduct man-in-the-middle attacks against a user's browser that currently trusts this CA.
To fix the issue, uninstall the affected CA certificate from the browser's certificate store. Once this is done, warning messages will occur when attempting to connect to an S7-1200 PLC. The user can manually verify the identity of the PLC and its certificate and accept it in the browser. This has to be done once for each S7-1200 PLC on the network.
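A client-side check for the mitigation above, added here as an example and not part of the Siemens advisory: it lists (and, with -Remove, deletes) any certificate whose subject or issuer names the "SIMATIC CONTROLLER" CA in the Windows certificate stores that Internet Explorer, Edge and Chrome rely on. It assumes a Windows workstation; Firefox keeps its own certificate store and is not covered by this script.

```powershell
# Added example (not from the Siemens advisory): find the S7-1200 V2 CA
# ("SIMATIC CONTROLLER") in the Windows certificate stores. Run with -Remove
# to delete the matches; LocalMachine stores require an elevated shell.
param([switch]$Remove)

$pattern = '*SIMATIC CONTROLLER*'   # CA name as given in the advisory
$stores  = @('Cert:\CurrentUser\Root', 'Cert:\CurrentUser\CA',
             'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\CA')

# Collect every certificate that is the CA itself (Subject) or was issued
# by it (Issuer), e.g. a PLC server certificate the user accepted earlier.
$found = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -like $pattern -or $_.Issuer -like $pattern } |
        Select-Object @{ n = 'Store'; e = { $store } },
                      Subject, Issuer, Thumbprint, NotAfter
}

if (-not $found) {
    Write-Output 'No SIMATIC CONTROLLER CA found in the Windows certificate stores.'
    return
}

# Report what is trusted and where, so the result can be kept as evidence.
$found | Format-Table -AutoSize

if ($Remove) {
    foreach ($c in $found) {
        # -Confirm prompts per certificate before it is removed from the store
        Remove-Item -Path "$($c.Store)\$($c.Thumbprint)" -Confirm
    }
}
```

After removal, browsers will warn on the next connection to each PLC; verify the PLC's certificate fingerprint out of band before accepting it, as the advisory describes.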
V1.0 (2012-09-13): | Publication Date |
V1.1 (2020-02-10): | SIPLUS devices now explicitly mentioned in the list of affected products |
V1.2 (2025-10-14): | Used CVE ID (CVE-2012-3037) instead of the deprecated SVE ID (SVE-2012-0003); Corrected CVSS vector of CVE-2012-3037; Updated SSA to current data model and support of csaf |