Siemens S7-1200 Series PLC CPU Recorded Frame Command Execution Replay

high Nessus Network Monitor Plugin ID 143

Synopsis

A Siemens S7-1200 programmable logic controller (PLC) has been detected which contains a flaw that allows a replay attack.

Description

Siemens S7-1200 PLC central processing units (CPUs) contain a flaw that could allow an attacker to trigger CPU functions by record and playback of legitimate network communication.

Solution

Upgrade the firmware to version 2.0.3 or later.

See Also

https://cache.industry.siemens.com/dl/files/932/50428932/att_11547/v1/siemens_security_advisory_ssa-625789.pdf,http://www.industry.siemens.com/topics/global/en/industrial-security/news-alerts/Pages/alerts.aspx

Plugin Details

Severity: High

ID: 143

Family: SCADA

Published: 5/21/2019

Updated: 9/30/2019

Vulnerability Information

Patch Publication Date: 6/10/2011

Vulnerability Publication Date: 6/10/2011

Reference Information

BID: 47993