Vulnerabilities in SIMATIC S7-1200 and SIMATIC S7-1500 CPU families (Aug 2019)

Preface: In 1885 Westinghouse imported a Siemens AC generator to begin experimenting with AC networks in Pittsburgh. Today, Siemens' business extends to all industries.

Product background: The Siemens SIMATIC S7-1200 and S7-1500 are controllers for open-loop and closed-loop control tasks in mechanical equipment manufacture and plant construction. Their range of use extends from the replacement of relays and contactors up to complex automation tasks in networks and within distributed structures.

Vulnerability details: Two vulnerabilities have been identified in the SIMATIC S7-1200 and SIMATIC S7-1500 CPU families. They arise when an engineer uploads (“puts”) source code to the SIMATIC device: a limitation of the design means that no integrity check is enforced. An attacker can therefore use a man-in-the-middle technique to substitute counterfeit code and “put” it on the device.

Official announcement: Please refer to the following URL: https://cert-portal.siemens.com/productcert/pdf/ssa-232418.pdf