CVE-2012-3037

The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC CONTROLLER Certification Authority certificate, which allows remote attackers to spoof the S7-1200 web server by using this key to create a forged certificate.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://en.securitylab.ru/lab/PT-2012-48	Third Party Advisory
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-240718.pdf	Broken Link Vendor Advisory
http://www.us-cert.gov/control_systems/pdf/ICSA-12-263-01.pdf	Broken Link Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1211c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1211c:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212c:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212fc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212fc:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214_fc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214_fc:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214c:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215_fc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215_fc:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215c:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1217c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1217c:-:*:*:*:*:*:*:*

History

01 Feb 2022, 14:58

Type	Values Removed	Values Added
References	~~(MISC) http://en.securitylab.ru/lab/PT-2012-48 -~~	(MISC) http://en.securitylab.ru/lab/PT-2012-48 - Third Party Advisory
References	~~(MISC) http://www.us-cert.gov/control_systems/pdf/ICSA-12-263-01.pdf - US Government Resource~~	(MISC) http://www.us-cert.gov/control_systems/pdf/ICSA-12-263-01.pdf - Broken Link, Third Party Advisory, US Government Resource
References	~~(CONFIRM) http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-240718.pdf - Vendor Advisory~~	(CONFIRM) http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-240718.pdf - Broken Link, Vendor Advisory
CVSS	v2 : ~~5.0~~ v3 : ~~unknown~~	v2 : 4.3 v3 : unknown
CWE	CWE-200 CWE-310	CWE-295
First Time		Siemens simatic S7-1200 Cpu 1217c Firmware Siemens simatic S7-1200 Siemens simatic S7-1200 Cpu 1211c Siemens simatic S7-1200 Cpu 1211c Firmware Siemens simatic S7-1200 Cpu 1215c Siemens simatic S7-1200 Cpu 1215c Firmware Siemens simatic S7-1200 Cpu 1214c Firmware Siemens simatic S7-1200 Cpu 1212fc Siemens simatic S7-1200 Cpu 1214 Fc Siemens simatic S7-1200 Cpu 1215 Fc Siemens simatic S7-1200 Cpu 1212fc Firmware Siemens simatic S7-1200 Cpu 1214c Siemens simatic S7-1200 Cpu 1215 Fc Firmware Siemens simatic S7-1200 Cpu 1212c Firmware Siemens simatic S7-1200 Cpu 1217c Siemens simatic S7-1200 Cpu 1214 Fc Firmware Siemens simatic S7-1200 Firmware Siemens simatic S7-1200 Cpu 1212c
CPE	cpe:2.3:h:siemens:simatic_s7-1200_plc:2.2:::::::* cpe:2.3:h:siemens:simatic_s7-1200_plc:2.0:::::::* cpe:2.3:h:siemens:simatic_s7-1200_plc:2.1:::::::*	cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214c:-:::::::* cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214c_firmware:::::::: cpe:2.3:h:siemens:simatic_s7-1200_cpu_1217c:-:::::::* cpe:2.3:h:siemens:simatic_s7-1200_cpu_1211c:-:::::::* cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212fc_firmware:::::::: cpe:2.3:o:siemens:simatic_s7-1200_cpu_1217c_firmware:::::::: cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212c_firmware:::::::: cpe:2.3:o:siemens:simatic_s7-1200_firmware:::::::: cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215c_firmware:::::::: cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215_fc_firmware:::::::: cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214_fc_firmware:::::::: cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215_fc:-:::::::* cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212c:-:::::::* cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212fc:-:::::::* cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214_fc:-:::::::* cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215c:-:::::::* cpe:2.3:h:siemens:simatic_s7-1200:-:::::::* cpe:2.3:o:siemens:simatic_s7-1200_cpu_1211c_firmware::::::::

Information

Published : 2012-09-25 11:07

Updated : 2023-12-10 11:16

NVD link : CVE-2012-3037

Mitre link : CVE-2012-3037

CVE.ORG link : CVE-2012-3037

JSON object : View

Products Affected

siemens

simatic_s7-1200_cpu_1212fc
simatic_s7-1200_cpu_1212c
simatic_s7-1200_cpu_1214c
simatic_s7-1200
simatic_s7-1200_cpu_1217c
simatic_s7-1200_cpu_1214c_firmware
simatic_s7-1200_cpu_1212fc_firmware
simatic_s7-1200_cpu_1215_fc
simatic_s7-1200_cpu_1215c
simatic_s7-1200_cpu_1217c_firmware
simatic_s7-1200_cpu_1212c_firmware
simatic_s7-1200_firmware
simatic_s7-1200_cpu_1215_fc_firmware
simatic_s7-1200_cpu_1211c_firmware
simatic_s7-1200_cpu_1214_fc_firmware
simatic_s7-1200_cpu_1215c_firmware
simatic_s7-1200_cpu_1214_fc
simatic_s7-1200_cpu_1211c

CWE

CWE-295

Improper Certificate Validation

4.3 /10