Siemens SIMATIC S7-300 PLCs Undocumented Diagnostic Account Lets Remote Users Access the System
|
SecurityTracker Alert ID: 1025912
|
SecurityTracker URL: http://securitytracker.com/id/1025912
|
CVE Reference:
GENERIC-MAP-NOMATCH
|
Date: Aug 10 2011
|
Impact:
User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
Exploit Included: Yes
|
Version(s): S7-300
|
Description:
A vulnerability was reported in Siemens SIMATIC S7-300 PLCs. A remote user can access the target system.
Certain models of the S7-300 series include an undocumented user account with a hardcoded username and password (both 'Basisk'), intended for diagnostic purposes. A remote user can connect to the integrated PLC network interface and log in to the system using the account. This can be exploited to dump memory, delete files, and execute commands.
The S7-400 PLCs are not affected.
Dillon Beresford of NSS Labs reported this vulnerability.
|
Impact:
A remote user can gain access to the target system.
|
Solution:
The vendor has issued a fix for some models (as of the following dates):
CPU314C-2PN/DP since V3.3 01/2010 (first release)
CPU315(incl. F)-2PN/DP since V3.1 10/2009
CPU317(incl. F)-2PN/DP since V3.1 10/2009
CPU319(incl. F)-3PN/DP since V2.8 06/2009
IM151-8(incl. F)-PN/DP since V3.2 08/2010
IM154-8 PN/DP since V3.2 08/2010
S7-300 Profinet PLCs shipped before October 2009 and IM15x Profinet PLCs shipped before September 2010 are still vulnerable.
The vendor's advisory is available at:
http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=51810333&caller=view
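An added example, not part of the advisory or any vendor tooling: a firmware audit that checks an asset inventory against the fix table above. It assumes "since Vx.y" means that firmware version and later contain the fix, and that inventory model names differ from the advisory's only in spacing and punctuation; the inventory rows and hostnames are constructed.

```python
import re

# Fix table as listed in the advisory: model -> first firmware version with the fix.
FIXED_SINCE = {
    "CPU314C-2PN/DP": "V3.3",
    "CPU315(incl. F)-2PN/DP": "V3.1",
    "CPU317(incl. F)-2PN/DP": "V3.1",
    "CPU319(incl. F)-3PN/DP": "V2.8",
    "IM151-8(incl. F)-PN/DP": "V3.2",
    "IM154-8 PN/DP": "V3.2",
}

def norm_model(model):
    """Drop spacing and punctuation so 'CPU 315F-2 PN/DP' matches 'CPU315F-2PN/DP'."""
    return re.sub(r"[^A-Z0-9]", "", model.upper())

def parse_version(text):
    """'V3.2.1' -> (3, 2, 1); a missing patch level counts as 0."""
    m = re.fullmatch(r"V?(\d+)\.(\d+)(?:\.(\d+))?", text.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def build_lookup(table):
    """Expand '(incl. F)' entries into both the plain and the F variant model names."""
    lookup = {}
    for model, since in table.items():
        for variant in ("", "F"):
            lookup[norm_model(model.replace("(incl. F)", variant))] = parse_version(since)
    return lookup

LOOKUP = build_lookup(FIXED_SINCE)

def classify(model, firmware):
    """Return 'fixed', 'unfixed', or 'not-listed' (advisory gives no fixed version)."""
    since = LOOKUP.get(norm_model(model))
    if since is None:
        return "not-listed"
    return "fixed" if parse_version(firmware) >= since else "unfixed"

# Constructed inventory rows (hostname, model, firmware) for illustration only.
INVENTORY = [
    ("plc-line1", "CPU 315F-2 PN/DP", "V3.2.1"),
    ("plc-line2", "CPU 317-2 PN/DP", "V2.6"),
    ("plc-pack1", "IM151-8F PN/DP", "V3.2"),
    ("plc-old1", "CPU 312", "V3.3"),
]

if __name__ == "__main__":
    for host, model, fw in INVENTORY:
        print(f"{host:10} {model:18} {fw:7} {classify(model, fw)}")
```

A "not-listed" result means only that this advisory names no fixed firmware for the model; check such devices against the vendor's advisory rather than treating them as unaffected.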
|
Vendor URL: support.automation.siemens.com/WW/view/en/51810333
|
Cause:
Configuration error
|
Underlying OS:
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 10 Aug 2011 02:15:48 +0000
Subject: Siemens SIMATIC Controller
|
Siemens S7-300 PLCs
http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=51810333&caller=view