×
Siemens Industry Online Support
Siemens AG
Entry type: Product note Entry ID: 51810333, Entry date: 07/29/2011
(0)
Rate

Security information about internal diagnostic functions in S7-300 PLCs

  • Entry
  • Associated product(s)

Background
Recent external research has disclosed the existence of an access method to internal diagnostic functions in the S7-300 PLCs. As a result of the continuous test and improvement of S7 PLCs (including security related functions), Siemens had previously identified this method of access to the functions. The undocumented functions were accessible over the integrated PLC network interface. The researcher's disclosure has resulted in recent alert from ICS-CERT "Siemens S7-300/S7-400 Hardcoded Credentials" (July 23, 2011).

Analysis results and recommendations concerning the ICS CERT alert

  • The reported access method for these functions only exists in older versions of S7-300 PLCs.
  • Not affected
    • S7-400 PLCs
    • S7-300 PLCs without integrated Profinet interface
    • S7-300 PLCs with integrated Profinet interface shipped after October 2009 (or IM after 08/2010).
    • The (internal) diagnostic interface has been removed
      • CPU314C-2PN/DP since V3.3 01/2010 (first release)
      • CPU315(incl. F)-2PN/DP since V3.1 10/2009
      • CPU317(incl. F)-2PN/DP since V3.1 10/2009
      • CPU319(incl. F)-3PN/DP since V2.8 06/2009
      • IM151-8(incl. F)-PN/DP since V3.2 08/2010
      • IM154-8 PN/DP since V3.2 08/2010
  • Details to affected S7-300 PLCs
    Older S7-300 PLC with integrated Profinet interface allowed access to internal diagnostic functions. This affects S7-300 Profinet PLCs shipped before October 2009 and IM15x Profinet PLCs shipped before September 2010. We recommend that PLC customers reconfirm that the basic security and defense-in-depth measures are implemented to prevent unauthorized network access. For details see www.siemens.com/industrialsecurity.

In general

  • Siemens S7-300 and S7-400 PLCs are used in a wide variety of industrial applications worldwide.
  • The potential threat scenarios would require network access to plant controllers.
  • When properly applied, Siemens automation products provide a high degree of resilience and security while delivering the flexibility and functionality required. This is realized by implementing a defense-in-depth-strategy including secure production islands. Consult the Operational Guidelines for Industrial Security for further details and security services available from Siemens.

Security information
In order to protect technical infrastructures, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art IT security concept. Siemens’ products and solutions constitute one element of such a concept. For more information about cyber security, please visit
https://www.siemens.com/cybersecurity#Ouraspiration.
Rate entry
no rating
Requests and feedback
What do you want to do?
Note: The feedback always relates to the current entry / product. Your message will be forwarded to our technical editors working in the Online Support. In a few days, you will receive a response if your feedback requires one. If we have no further questions, you will not hear from us.