Industrial Security Alert - 09/13 2012
September, 13th 2012
Certificate for HTTPS Communication to S7-1200 V2.x
Siemens has been notified by IT experts from the Russian company "Positive Technologies" of a vulnerability in the certificate store of the Simatic S7-1200 PLC versions V2.x. A potential attacker could use this vulnerability to forge their own certificates and impersonate other web sites. Newer CPU versions from V3 are not affected by this vulnerability.
We thank Positive Technologies for their information.
Siemens specialists are analyzing the vulnerability and will provide further information as soon as possible. As a quick workaround, users can remove the Simatic Controller Certificate from their Windows certificate store.
More information and instructions for the user can be found here: