Siemens publishes this bulletin to provide additional information about SSA-568427: "Weak Key Protection Vulnerability in SIMATIC S7-1200 and S7-1500 CPU Families" .
Fixes for affected products are available. Siemens recommends updating both the affected PLCs and the TIA Portal project as stated in SSA-568427. If an update is not possible, Siemens recommends following the workarounds and mitigations described in SSA-568427.
In early 2013 Siemens introduced standards-based asymmetric cryptography into the integrated security architecture with TIA Portal V12 and SIMATIC S7-1200 and S7-1500 CPU families to satisfy the following security goals:
At the time of the development of the architecture, practical solutions for dynamic key management and key distribution did not exist for industrial control systems. The additional operational effort that key management solutions impose for integrators and customers was not justifiable.
Because of these restrictions and the residual risk of the security threat modeling for the architecture, Siemens decided to go with an approach based on fixed key material. As both technology and threat landscape evolved significantly in the past years, this decision needs to be revised and adapted.
As stated in SSA-568427 , SIMATIC S7-1200 and S7-1500 PLCs use a built-in global private key which cannot be considered anymore as sufficiently protected. This key is used for the legacy protection of confidential configuration data and the legacy PG/PC and HMI communication. An offline attack against a single PLC allows sophisticated attackers to discover the global private key and then use this knowledge to perform two types of attack:
With access to the TIA Portal project or the project stored on the PLC (including memory card), an attacker could extract confidential configuration data. These data are cryptographic keys and passwords which are used for certificate-based communication like https, OPC UA, or secure Open User Communication and for the protection of the PLC (access level passwords).
With Man-in-the-Middle attacks, attacker could read, modify, and selectively forward data between the PLC and its connected HMIs and Engineering-Stations.
Since the release of TIA Portal V17 and related CPU FW versions, the protection of confidential configuration data is based on an individual password per device and the PG/PC and HMI communication is protected by TLS V1.3. With these security improvements PLCs are not vulnerable to attacks using the global private key.
Siemens is not aware of related cybersecurity incidents but considers the likelihood of malicious actors misusing the global private key as increasing and strongly recommends to follow the remediations described in SSA-568427 and to update both, the TIA Portal project to V17 and CPU to related firmware version.
CPU firmware versions which are recommended to update to:
It is important to note that an update of the firmware on the device is not sufficient. In addition, the hardware configuration in the TIA Portal project (V17 or later) must also be updated to the corresponding CPU version and downloaded to the PLC.
By default, PLCs configured with TIA Portal V17 and its related CPU version have all necessary security improvements enabled:
Siemens strongly recommends updating affected devices as stated in SSA-568427 . Customers who are not able to update should implement the following workarounds and mitigations to minimize the risk of attacks:
As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for Industrial Security , and to follow the recommendations in the product manuals.
To mitigate the risk of attacks described in this bulletin, apply “defense in depth” as outlined on pages 12ff of the guidelines .
Siemens would like to thank Team82 of Claroty for reporting this issue, the related research effort and the close collaboration during the coordinated disclosure.