Lucene search

IcscertCVE-2012-3037

HistorySep 25, 2012 - 11:07 a.m.

CVE-2012-3037

2012-09-2511:07:46

CWE-295

icscert

web.nvd.nist.gov

siemens

simatic s7-1200

plc

private key

remote attackers

spoofing

web server

forged certificate

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.002

Percentile

55.1%

JSON

The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC CONTROLLER Certification Authority certificate, which allows remote attackers to spoof the S7-1200 web server by using this key to create a forged certificate.

Affected configurations

Nvd

Node

siemenssimatic_s7-1200_firmwareRange2.0.0–3.0.0

AND

siemenssimatic_s7-1200Match-

Node

siemenssimatic_s7-1200_cpu_1211c_firmwareRange2.0.0–3.0.0

AND

siemenssimatic_s7-1200_cpu_1211cMatch-

Node

siemenssimatic_s7-1200_cpu_1212c_firmwareRange2.0.0–3.0.0

AND

siemenssimatic_s7-1200_cpu_1212cMatch-

Node

siemenssimatic_s7-1200_cpu_1212fc_firmwareRange2.0.0–3.0.0

AND

siemenssimatic_s7-1200_cpu_1212fcMatch-

Node

siemenssimatic_s7-1200_cpu_1214_fc_firmwareRange2.0.0–3.0.0

AND

siemenssimatic_s7-1200_cpu_1214_fcMatch-

Node

siemenssimatic_s7-1200_cpu_1214c_firmwareRange2.0.0–3.0.0

AND

siemenssimatic_s7-1200_cpu_1214cMatch-

Node

siemenssimatic_s7-1200_cpu_1215_fc_firmwareRange2.0.0–3.0.0

AND

siemenssimatic_s7-1200_cpu_1215_fcMatch-

Node

siemenssimatic_s7-1200_cpu_1215c_firmwareRange2.0.0–3.0.0

AND

siemenssimatic_s7-1200_cpu_1215cMatch-

Node

siemenssimatic_s7-1200_cpu_1217c_firmwareRange2.0.0–3.0.0

AND

siemenssimatic_s7-1200_cpu_1217cMatch-

VendorProductVersionCPE
siemenssimatic_s7-1200_firmware*cpe:2.3:o:siemens:simatic_s7-1200_firmware:*:*:*:*:*:*:*:*
siemenssimatic_s7-1200-cpe:2.3:h:siemens:simatic_s7-1200:-:*:*:*:*:*:*:*
siemenssimatic_s7-1200_cpu_1211c_firmware*cpe:2.3:o:siemens:simatic_s7-1200_cpu_1211c_firmware:*:*:*:*:*:*:*:*
siemenssimatic_s7-1200_cpu_1211c-cpe:2.3:h:siemens:simatic_s7-1200_cpu_1211c:-:*:*:*:*:*:*:*
siemenssimatic_s7-1200_cpu_1212c_firmware*cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212c_firmware:*:*:*:*:*:*:*:*
siemenssimatic_s7-1200_cpu_1212c-cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212c:-:*:*:*:*:*:*:*
siemenssimatic_s7-1200_cpu_1212fc_firmware*cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212fc_firmware:*:*:*:*:*:*:*:*
siemenssimatic_s7-1200_cpu_1212fc-cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212fc:-:*:*:*:*:*:*:*
siemenssimatic_s7-1200_cpu_1214_fc_firmware*cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214_fc_firmware:*:*:*:*:*:*:*:*
siemenssimatic_s7-1200_cpu_1214_fc-cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214_fc:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	simatic_s7-1200_firmware	*	cpe:2.3:o:siemens:simatic_s7-1200_firmware::::::::
siemens	simatic_s7-1200	-	cpe:2.3:h:siemens:simatic_s7-1200:-:::::::*
siemens	simatic_s7-1200_cpu_1211c_firmware	*	cpe:2.3:o:siemens:simatic_s7-1200_cpu_1211c_firmware::::::::
siemens	simatic_s7-1200_cpu_1211c	-	cpe:2.3:h:siemens:simatic_s7-1200_cpu_1211c:-:::::::*
siemens	simatic_s7-1200_cpu_1212c_firmware	*	cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212c_firmware::::::::
siemens	simatic_s7-1200_cpu_1212c	-	cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212c:-:::::::*
siemens	simatic_s7-1200_cpu_1212fc_firmware	*	cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212fc_firmware::::::::
siemens	simatic_s7-1200_cpu_1212fc	-	cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212fc:-:::::::*
siemens	simatic_s7-1200_cpu_1214_fc_firmware	*	cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214_fc_firmware::::::::
siemens	simatic_s7-1200_cpu_1214_fc	-	cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214_fc:-:::::::*