


Category:   Device (Embedded Server/Appliance)  >   Siemens SIMATIC Controller
Vendors:   Siemens
Siemens SIMATIC S7-300 PLCs Undocumented Diagnostic Account Lets Remote Users Access the System
SecurityTracker Alert ID:  1025912
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Aug 10 2011
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): S7-300
Description:   A vulnerability was reported in Siemens SIMATIC S7-300 PLCs. A remote user can access the target system.

Certain models of the S7-300 series include an undocumented user account with a hardcoded username and password (both 'Basisk'), intended for diagnostic purposes. A remote user can connect to the integrated PLC network interface and log in to the system using the account. This can be exploited to dump memory, delete files, and execute commands.

The S7-400 PLCs are not affected.

Dillon Beresford of NSS Labs reported this vulnerability.

Impact:   A remote user can gain access to the target system.
Solution:   The vendor has issued a fix for some models (as of the following dates):

CPU314C-2PN/DP since V3.3 01/2010 (first release)
CPU315(incl. F)-2PN/DP since V3.1 10/2009
CPU317(incl. F)-2PN/DP since V3.1 10/2009
CPU319(incl. F)-3PN/DP since V2.8 06/2009
IM151-8(incl. F)-PN/DP since V3.2 08/2010
IM154-8 PN/DP since V3.2 08/2010

S7-300 Profinet PLCs shipped before October 2009 and IM15x Profinet PLCs shipped before September 2010 are still vulnerable.
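
An added example, not part of the advisory or of any Siemens tooling: a Python sketch that parses the fix list above and classifies a controller inventory by model and firmware version. The function names, the model-name normalization and the result labels are assumptions; "no-fix-listed" means only that this advisory names no fixed version for that model.

```python
import re

# Fix list copied from the advisory's Solution section.
FIX_LINES = """\
CPU314C-2PN/DP since V3.3 01/2010 (first release)
CPU315(incl. F)-2PN/DP since V3.1 10/2009
CPU317(incl. F)-2PN/DP since V3.1 10/2009
CPU319(incl. F)-3PN/DP since V2.8 06/2009
IM151-8(incl. F)-PN/DP since V3.2 08/2010
IM154-8 PN/DP since V3.2 08/2010
"""

def norm(model):
    """Canonical key (assumed scheme): upper case, no spaces or hyphens."""
    return re.sub(r"[\s-]", "", model.upper())

def parse_version(text):
    """'V3.1' -> (3, 1); 'V3.1.3' -> (3, 1, 3)."""
    return tuple(int(p) for p in text.lstrip("Vv").split("."))

def build_fix_table(lines=FIX_LINES):
    """Map normalized model name -> first fixed firmware version."""
    table = {}
    for line in lines.splitlines():
        m = re.match(r"(.+?) since (V[\d.]+)", line)
        if not m:
            continue
        model, fixed = m.group(1), parse_version(m.group(2))
        # "(incl. F)" is read as: the F variant shares the same fix version.
        suffixes = ("", "F") if "(incl. F)" in model else ("",)
        for s in suffixes:
            table[norm(model.replace("(incl. F)", s))] = fixed
    return table

def classify(model, firmware, table=None):
    """Return 'fixed', 'vulnerable', or 'no-fix-listed' for one device."""
    fixed = (table or build_fix_table()).get(norm(model))
    if fixed is None:
        return "no-fix-listed"
    return "fixed" if parse_version(firmware) >= fixed else "vulnerable"

# Constructed sample inventory (hypothetical asset data, not from the advisory).
INVENTORY = [("CPU 315F-2 PN/DP", "V3.1.3"), ("CPU 319-3 PN/DP", "V2.7"),
             ("CPU 312", "V3.0")]

if __name__ == "__main__":
    for model, fw in INVENTORY:
        print(f"{model:20} {fw:8} {classify(model, fw)}")
```
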

The vendor's advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Configuration error
