← Back to home
SIEMENS-SSA-240718  ·  Published 2025-10-14  ·  View on Siemens ProductCERT ↗

SSA-240718 V1.2 (Last Update: 2025-10-14): Insecure Storage of HTTPS CA Certificate in SIMATIC S7-1200 CPU V2

CVSS N/A MEDIUM

Risk Summary

<p>SIMATIC S7-1200 CPU V2 devices contain an insufficiently protected private key used for the Certificate Authority (CA) for HTTPS connections. Possession of this key could allow remote attackers to spoof the device’s web server by creating a forged web server certificate.</p> <p>Siemens recommends specific countermeasures for products where fixes are not, or not yet available. Refer to the chapter Additional Information for more details.</p>

Remediations

  • Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-240718 V1.2 (Last Update: 2025-10-14): Insecure Storage of HTTPS CA Certificate in SIMATIC S7-1200 CPU V2 See advisory

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more