CVE-2012-3037 — Improper Certificate Validation in Siemens Simatic S7-1200 CPU 1211c Firmware

CWE-295 — Improper Certificate Validation3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 37.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic S7-1200 CPU 1211c Firmware Siemens Simatic S7-1200 CPU 1212c Firmware Siemens Simatic S7-1200 CPU 1212fc Firmware +6 more

Timeline

PublishedSep 25

Latest updateMay 13

Description

The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC CONTROLLER Certification Authority certificate, which allows remote attackers to spoof the S7-1200 web server by using this key to create a forged certificate.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages9 packages

▶NVDsiemens/simatic_s7-1200_firmware2.0.0 — 3.0.0

▶NVDsiemens/simatic_s7-1200_cpu_1211c_firmware2.0.0 — 3.0.0

▶NVDsiemens/simatic_s7-1200_cpu_1212c_firmware2.0.0 — 3.0.0

▶NVDsiemens/simatic_s7-1200_cpu_1214c_firmware2.0.0 — 3.0.0

▶NVDsiemens/simatic_s7-1200_cpu_1215c_firmware2.0.0 — 3.0.0

🔴Vulnerability Details

GHSA

GHSA-cq39-26j4-6jcj: The Siemens SIMATIC S7-1200 2↗2022-05-13

▶

CVEList

CVE-2012-3037: The Siemens SIMATIC S7-1200 2↗2012-09-25

▶