← Back to home
SIEMENS-SSA-830194  ·  Published 2021-09-14  ·  View on Siemens ProductCERT ↗

SSA-830194 V1.1 (Last Update: 2021-09-14): Missing Authentication Vulnerability in S7-1200 Devices

CVSS N/A MEDIUM

Risk Summary

<p>SIMATIC S7-1200 PLC, version V4.5.0 fails to authenticate against configured passwords when the affected device was provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V13 or later versions to bypass authentication and download arbitrary programs to the PLC.</p> <p>Siemens has released an update for SIMATIC S7-1200 and recommends to update to the latest version.</p>

Remediations

  • Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-830194 V1.1 (Last Update: 2021-09-14): Missing Authentication Vulnerability in S7-1200 Devices See advisory

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more