Newsletter
S7 is the protocol used for communicating among engineering systems, SCADA, HMI, and PLC equipment, and can be password-protected. 'We wrote two brute-force authentications for S7,' Gordeychik says.
If the PLC itself is password protected, I'm afraid you can't do much. If the blocks are password protected, I think MS Access 2008 is the only piece of software you require to break it. However, if you are uploading a PLC program from a S7-300, you will have a really hard reverse engineering job ahead of you to understand where exactly to make. Jul 19, 2017 If the PLC itself is password protected, I'm afraid you can't do much. If the blocks are password protected, I think MS Access 2008 is the only piece of software you require to break it. However, if you are uploading a PLC program from a S7-300, you will have a really hard reverse engineering job ahead of you to understand where exactly to make. New version for S7-200 crack password! Post by duonis » Fri Nov 13, 2009 10:31 am This password read command (68 1B 1B 68 02 00 6C 32 01 00 00 00 00 00 0E 00 00 04 01 12 0A 10 02 00 08 00 00 03 00 05 E0 D2 16 10 02 00 5C 5E 16 ) work corectly with S7 200 V1,but with V2 plc response (68 1D 1D 68 00 02 08 32 03 00 00 00 00 00 02 00 0C 00 00 04.
Subscribe to our Threatpost Today newsletter
Join thousands of people who receive the latest breaking cybersecurity news every day.
The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.
Infosec Insider Post
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
SUMMARY
ICS-CERT is continuing to coordinate with Siemens concerning vulnerabilities affecting Siemens SIMATIC Programmable Logic Controllers (PLCs). In May of 2011, security researcher Dillon Beresford of NSS Labs1 reported multiple vulnerabilities to ICS-CERT that affect the Siemens Simatic S7-1200 micro PLC as reported in ICS-ALERT-11-161-01. The replay attack vulnerabilities affecting the S7-1200 also are verified to affect the SIMATIC S7-200, S7-300, and S7-400 PLCs. Siemens PLCs configured with password protection are still susceptible to a replay attack.
Commands between the affected PLCs and other devices are transmitted using the International Organization for Standardization Transport Service Access Point (ISO-TSAP) protocol. According to ICS-CERT analysis, the ISO-TSAP protocol is functioning to specifications; however, authentication is not performed nor are payloads encrypted or obfuscated. Like ISO-TSAP, many protocols used in industrial control systems were intentionally designed to be open and without security features.
ICS-CERT will publish additional information as it becomes available.
IMPACT
An attacker with access to the PLC or the automation network could intercept the PLC password and make unauthorized changes to the PLC operation.
The full impact to individual organizations is dependent on multiple factors unique to each organization. The ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their environment, architecture, and operational product implementation.
MITIGATION
ICS-CERT continues to work with Siemens to develop specific mitigations for the reported vulnerabilities.
The following mitigations can be implemented to reduce the risk of impact by the reported vulnerabilities:
- ICS-CERT and Siemens recommend that asset owners/operators apply a properly configured strong password to each PLC. Changing this password frequently and using unique passwords, when possible, will reduce exposure to this vulnerability.
- Defense-in-depth strategies for both enterprise and control system networks; see the ICS-CERT Recommended Practice document, Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies and Siemens’ Industrial Security website for more information on how to apply these measures.
- Siemens recommends that concerned customers block all traffic to the PROFIBUS, MPI, and PROFINET protocol-based devices from outside the Manufacturing Zone by restricting or blocking Ethernet access to 102/TCP and 102/UDP, using appropriate security technology.
- Restrict remote access to enterprise and control system networks and diligently monitor any remote connections allowed; employ Virtual Private Network for any remote system connections.
Siemens has published a document regarding the vulnerability affecting the SIMATIC S7-200, S7-300, S7-400, and S7-1200 products.2
ICS-CERT will release information concerning additional mitigations as they become available.
FOLLOW-UP
ICS-CERT published a follow-up advisory titled ICSA-11-223-01 - Siemens SIMATIC PLCs Reported Issues Summary on the ICS-CERT Web page on August 21, 2011.
- 1. NSS Labs, http://www.nsslabs.com, website last accessed June 10, 2011.
- 2. Potential Password Security Weakness in SIMATIC Controllers, http://support.automation.siemens.com/WW/view/en/51401544, website last accessed July 5, 2011.
S7 300 Plc
Contact Information
For any questions related to this report, please contact the CISA at:
Email: CISAservicedesk@cisa.dhs.gov
Toll Free: 1-888-282-0870
S7 300 Plc Manual
For industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics
or incident reporting: https://us-cert.cisa.gov/report
CISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.
This product is provided subject to this Notification and this Privacy & Use policy.