[1] NSS Labs, website last accessed June 10, 2011.

ICS-CERT published a follow-up advisory titled ICSA-11-223-01 - Siemens SIMATIC PLCs Reported Issues Summary on the ICS-CERT Web page on August 21, 2011.

- Restrict remote access to enterprise and control system networks and diligently monitor any remote connections allowed; employ Virtual Private Network (VPN) connections for any remote system access.
- Restrict connections between the enterprise and control system networks, where possible.
- Apply defense-in-depth strategies for both enterprise and control system networks; see the ICS-CERT Recommended Practice document, Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
- The same password should not be reused across the automation network, where possible. ICS-CERT and Siemens recommend that customers apply a properly configured, strong password.
- ICS-CERT and Siemens recommend that customers disable the embedded web server in TIA Portal Version 11 if it is not critical to operations.

In addition to the patch, the following mitigations are recommended to reduce the risk of impact by the

ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to taking

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.

Before performing the exercises in this quick-start guide, review the safety guidelines and other information in the SIMATIC S7-1200 Programmable Controller System Manual.
Siemens’ Security Advisory and patch are available at the following locations:

For general information on the behavior of the Simatic S7-1200 in industrial networks, go to the following location.

Review the S7-1200 Programmable Controller System Manual for safety guidelines

This quick-start guide provides only a quick introduction to the world of S7-1200.

Where possible, ICS-CERT recommends that users of S7-1200 PLCs apply the patch developed by Siemens to help protect against exploitation of these vulnerabilities.

Successful exploitation of these vulnerabilities could result in the loss of process control, possibly precipitating damage to critical industrial control systems (ICSs).

ICS-CERT is releasing this Alert to inform users of the available patch for the Siemens S7-1200 PLCs.

ICS-CERT has confirmed the effectiveness of this patch and continues to work with Siemens and Mr. Beresford on the other reported problems.

On June 10, 2011, Siemens released a Security Advisory and patch to address a portion of the reported vulnerabilities.

ICS-CERT and Siemens have confirmed that these vulnerabilities could allow an attacker with automation network access to execute various unauthorized commands against the S7-1200 PLC.
In May of 2011, security researcher Dillon Beresford of NSS Labs [1] reported multiple vulnerabilities to ICS-CERT that affect the Siemens Simatic S7-1200 micro programmable logic controller (PLC).