Entry type: Product note, Entry ID: 51401544, Entry date: 07/05/2011

Potential Password Security Weakness in SIMATIC Controllers

SIEMENS Industrial Automation has identified a potential security weakness in the authentication mechanism for programming and configuration client software employed by the SIMATIC S7 family of programmable controllers. This potential weakness is known to affect the SIMATIC S7 family of controller platforms, including S7-200, S7-1200, S7-300 and S7-400.

Details of this potential weakness are as follows:

  • The potential exists for an attacker with access to the product or the control system communication link to intercept and decipher the product's password and potentially make unauthorized changes to the product's operation (record and replay scenario).

Customers who are concerned about unauthorized access to their Products can take the immediate steps outlined below to reduce the security risk associated with this potential vulnerability. The same steps can also serve as a checklist to verify that available security capabilities are in place in a system's configuration.

To help reduce the likelihood of exploitation and to help reduce associated security risk, SIEMENS Industrial Automation recommends the following immediate mitigation strategies (Note: when possible, multiple strategies should be employed simultaneously):

  1. Restrict physical and electronic access to automation products, networks and systems to only those individuals authorized to be in contact with control system equipment.

  2. Employ layered security and defense-in-depth methods in system design to restrict and control access to individual products and control networks. Refer to http://www.siemens.com/industrialsecurity for comprehensive information about implementing validated architectures designed to deliver these measures.

  3. Block all traffic to PROFIBUS, MPI and PROFINET protocol-based devices from outside the Manufacturing Zone by restricting or blocking Ethernet access to TCP and UDP port 102 using appropriate security technology (e.g. SCALANCE S612 module, order no. 6GK5612-0BA00-2AA3, or a similarly effective firewall or other security appliance).

  4. Change the Product's password periodically and frequently, and retire previously used passwords, to reduce exposure to the threat of a Product password becoming known.
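
One way to check mitigation 3 against exported firewall or flow records, as an added example that is not part of the original SIEMENS notice: it flags TCP or UDP port 102 flows that reach the Manufacturing Zone from outside it. The zone subnet, the CSV field layout and the sample records are constructed assumptions.

```python
import csv
import io
import ipaddress

# Assumption: the Manufacturing Zone address plan (constructed for this example).
MANUFACTURING_ZONE = [ipaddress.ip_network("10.20.0.0/16")]
S7_PORT = 102  # TCP and UDP port named in mitigation 3

# Constructed sample records, not real traffic; assumed layout:
# proto,src,dst,dport,action
SAMPLE_FLOWS = """\
tcp,10.20.1.15,10.20.5.10,102,allow
tcp,192.168.7.44,10.20.5.10,102,allow
udp,172.16.3.9,10.20.5.11,102,deny
tcp,192.168.7.44,10.20.5.10,443,allow
tcp,10.20.1.15,10.30.0.8,102,allow
tcp,not-an-ip,10.20.5.10,102,allow
"""

def in_zone(addr):
    """True if addr belongs to any Manufacturing Zone subnet."""
    return any(addr in net for net in MANUFACTURING_ZONE)

def audit_flows(text):
    """Return (violations, blocked, malformed) for port-102 flows entering the zone."""
    violations, blocked, malformed = [], [], []
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue
        try:
            proto, src, dst, dport, action = (f.strip() for f in row)
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:  # wrong field count, bad address or bad port
            malformed.append(row)
            continue
        if proto.lower() not in ("tcp", "udp") or port != S7_PORT:
            continue
        if not in_zone(dst_ip) or in_zone(src_ip):
            continue  # not a flow crossing into the zone from outside
        target = violations if action.lower() == "allow" else blocked
        target.append((proto.lower(), src, dst))
    return violations, blocked, malformed

if __name__ == "__main__":
    for name, rows in zip(("VIOLATION", "blocked", "malformed"), audit_flows(SAMPLE_FLOWS)):
        for r in rows:
            print(name, r)
```

Rows reported as malformed deserve a manual look, since a record that cannot be parsed cannot be shown to comply.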

In addition to these immediate risk mitigation strategies, SIEMENS Industrial Automation is addressing this potential security weakness in the Product and associated programming and configuration software. Lastly, SIEMENS Industrial Automation is committed to making additional security enhancements to our systems in the future.

For more information and for assistance with assessing the state of security of your existing control system, including improving your system-level security when using SIEMENS Industrial Automation and other vendors' control products, you can visit the SIEMENS Industrial Automation Security Solutions web site at www.siemens.com/industrialsecurity.