QID 591126
Date Published: 2022-10-18
QID 591126: Siemens Simatic Weak Key Protection Vulnerability (ICSA-22-286-04, SSA-568427, SSB-898115)
SIMATIC S7-1200, S7-1500 CPUs and related products protect the built-in global private key in a way that cannot be considered sufficient any longer. The key is used for the legacy protection of confidential configuration data and the legacy PG/PC and HMI communication.
Affected Versions:
SIMATIC S7-PLCSIM Advanced: All versions prior to V4.0
QID Detection Logic (Authenticated):
The QID checks the product's registry entry to determine whether a vulnerable version is installed.
This could allow attackers to discover the private key of a CPU product family by an offline attack against a single CPU of the family. Attackers could then use this knowledge to extract confidential configuration data from projects that are protected by that key or to perform attacks against legacy PG/PC and HMI communication.
Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk:
1. Use legacy (i.e., not TLS-based) PG/PC and HMI communication only in trusted network environments.
2. Protect access to the TIA Portal project and CPU (including related memory cards) from unauthorized actors.
- ICSA-22-286-04 - www.cisa.gov/uscert/ics/advisories/icsa-22-286-04
- SSA-568427 - cert-portal.siemens.com/productcert/pdf/ssa-568427.pdf
- SSB-898115 - cert-portal.siemens.com/productcert/html/ssb-898115.html
CVEs related to QID 591126
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ICSA-22-286-04 | | | |
| SSA-568427 | | | |
| SSB-898115 | | | |