cvelistv5 - cve-2011-20001

CVE-2011-20001 (GCVE-0-2011-20001)

Vulnerability from cvelistv5

Published

2025-10-14 09:14

Modified

2025-10-14 18:57

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CWE

CWE-20 - Improper Input Validation

Summary

A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) (All versions < V2.0.3), SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants) (All versions < V2.0.3). The web server interface of affected devices improperly processes incoming malformed HTTP traffic at high rate. This could allow an unauthenticated remote attacker to force the device entering the stop/defect state, thus creating a denial of service condition.

References

URL

Tags

productcert@siemens.com

https://cert-portal.siemens.com/productcert/html/ssa-625789.html

Impacted products

Vendor

Product

Version

Siemens

SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants)

Version: 0 < V2.0.3

Siemens

SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants)

Version: 0 < V2.0.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2011-20001",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-14T18:57:28.121550Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-14T18:57:37.446Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) (All versions \u003c V2.0.3), SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants) (All versions \u003c V2.0.3). The web server interface of affected devices improperly processes incoming malformed HTTP traffic at high rate. This could allow an unauthenticated remote attacker to force the device entering the stop/defect state, thus creating a denial of service condition."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-14T09:14:53.944Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-625789.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2011-20001",
    "datePublished": "2025-10-14T09:14:53.944Z",
    "dateReserved": "2025-05-22T04:58:58.075Z",
    "dateUpdated": "2025-10-14T18:57:37.446Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-20001\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2025-10-14T10:15:32.457\",\"lastModified\":\"2025-10-14T19:36:29.240\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) (All versions \u003c V2.0.3), SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants) (All versions \u003c V2.0.3). The web server interface of affected devices improperly processes incoming malformed HTTP traffic at high rate. This could allow an unauthenticated remote attacker to force the device entering the stop/defect state, thus creating a denial of service condition.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-625789.html\",\"source\":\"productcert@siemens.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2011-20001\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-14T18:57:28.121550Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-14T18:57:33.007Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\"}}, {\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.7, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N\"}}], \"affected\": [{\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.0.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V2.0.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-625789.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) (All versions \u003c V2.0.3), SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants) (All versions \u003c V2.0.3). The web server interface of affected devices improperly processes incoming malformed HTTP traffic at high rate. This could allow an unauthenticated remote attacker to force the device entering the stop/defect state, thus creating a denial of service condition.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20: Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"shortName\": \"siemens\", \"dateUpdated\": \"2025-10-14T09:14:53.944Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2011-20001\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-14T18:57:37.446Z\", \"dateReserved\": \"2025-05-22T04:58:58.075Z\", \"assignerOrgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"datePublished\": \"2025-10-14T09:14:53.944Z\", \"assignerShortName\": \"siemens\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

fkie_cve-2011-20001

Vulnerability from fkie_nvd

Published

2025-10-14 10:15

Modified

2025-10-14 19:36

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	productcert@siemens.com	https://cert-portal.siemens.com/productcert/html/ssa-625789.html

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) (All versions \u003c V2.0.3), SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants) (All versions \u003c V2.0.3). The web server interface of affected devices improperly processes incoming malformed HTTP traffic at high rate. This could allow an unauthenticated remote attacker to force the device entering the stop/defect state, thus creating a denial of service condition."
    }
  ],
  "id": "CVE-2011-20001",
  "lastModified": "2025-10-14T19:36:29.240",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "productcert@siemens.com",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "productcert@siemens.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-10-14T10:15:32.457",
  "references": [
    {
      "source": "productcert@siemens.com",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-625789.html"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Primary"
    }
  ]
}

icsa-25-294-03

Vulnerability from csaf_cisa

Published

2011-06-10 00:00

Modified

2025-10-14 00:00

Summary

Siemens SIMATIC S7-1200 CPU V1/V2 Devices

Notes

Summary

SIMATIC S7-1200 CPU V1/V2 controllers contain two vulnerabilities that could allow an unauthenticated remote attacker - to trigger functions by record and playback of legitimate network communication, or - to place the controller in stop/defect state by causing a communications error. Siemens has released new versions for the affected products and recommends to update to the latest versions.

General Recommendations

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Advisory Conversion Disclaimer

This ICSA is a verbatim republication of Siemens ProductCERT SSA-625789 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.

Critical infrastructure sectors

Critical Manufacturing

Countries/areas deployed

Worldwide

Company headquarters location

Germany

Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.

Recommended Practices

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Recommended Practices

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

Recommended Practices

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Artem Zinenko"
        ],
        "organization": "Kaspersky",
        "summary": "reporting these vulnerabilities to Siemens."
      },
      {
        "names": [
          "Dillon Beresford"
        ],
        "organization": "NSS Labs",
        "summary": "reporting these vulnerabilities to Siemens."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "SIMATIC S7-1200 CPU V1/V2 controllers contain two vulnerabilities that could allow an unauthenticated remote attacker\n\n- to trigger functions by record and playback of legitimate network communication, or\n- to place the controller in stop/defect state by causing a communications error.\n\nSiemens has released new versions for the affected products and recommends to update to the latest versions.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
        "title": "Terms of Use"
      },
      {
        "category": "legal_disclaimer",
        "text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
        "title": "Legal Notice and Terms of Use"
      },
      {
        "category": "other",
        "text": "This ICSA is a verbatim republication of Siemens ProductCERT SSA-625789 from a direct conversion of the vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory.  Further, CISA does not endorse any commercial product or service.  Please contact Siemens ProductCERT directly for any questions regarding this advisory.",
        "title": "Advisory Conversion Disclaimer"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Germany",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-625789: Multiple Vulnerabilities in SIMATIC S7-1200 CPU V1/V2 Devices - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-625789.json"
      },
      {
        "category": "self",
        "summary": "SSA-625789: Multiple Vulnerabilities in SIMATIC S7-1200 CPU V1/V2 Devices - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-625789.html"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-25-294-03 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-294-03.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-25-294-03 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-294-03"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
      }
    ],
    "title": "Siemens SIMATIC S7-1200 CPU V1/V2 Devices",
    "tracking": {
      "current_release_date": "2025-10-14T00:00:00.000000Z",
      "generator": {
        "date": "2025-10-21T14:35:13.858829Z",
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-25-294-03",
      "initial_release_date": "2011-06-10T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2011-06-10T00:00:00.000000Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        },
        {
          "date": "2011-07-05T00:00:00.000000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Modification of CVSS scoring, solution and version information"
        },
        {
          "date": "2011-09-12T00:00:00.000000Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Update of solution section by removing mentioning of air gap"
        },
        {
          "date": "2020-02-10T00:00:00.000000Z",
          "legacy_version": "1.3",
          "number": "4",
          "summary": "SIPLUS devices now explicitly mentioned in the list of affected products"
        },
        {
          "date": "2025-10-14T00:00:00.000000Z",
          "legacy_version": "1.4",
          "number": "5",
          "summary": "Assigned CVE IDs (CVE-2011-20001/-20002) instead of the deprecated SVE IDs (SVE-2011-0001/-0002); Corrected CVSS vector of CVE-2011-20002; Updated SSA to current data model and support of csaf"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c2.0.3",
                "product": {
                  "name": "SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants)",
                  "product_id": "CSAFPID-0001"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c2.0.2",
                "product": {
                  "name": "SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants)",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c2.0.3",
                "product": {
                  "name": "SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants)",
                  "product_id": "CSAFPID-0003"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c2.0.2",
                "product": {
                  "name": "SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants)",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants)"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2011-20001",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The web server interface of affected devices improperly processes incoming malformed HTTP traffic at high rate. This could allow an unauthenticated remote attacker to force the device entering the stop/defect state, thus creating a denial of service condition.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0003"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Disable the web server if possible",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0003"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2.0.3 or later version",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0003"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0003"
          ]
        }
      ],
      "title": "CVE-2011-20001"
    },
    {
      "cve": "CVE-2011-20002",
      "cwe": {
        "id": "CWE-294",
        "name": "Authentication Bypass by Capture-replay"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Affected controllers are vulnerable to capture-replay in the communication with the engineering software. This could allow an on-path attacker between the engineering software and the controller to execute any previously recorded commands at a later time (e.g. set the controller to STOP), regardless whether or not the controller had a password configured.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0002",
          "CSAFPID-0004"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V2.0.2 or later version",
          "product_ids": [
            "CSAFPID-0002",
            "CSAFPID-0004"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0002",
            "CSAFPID-0004"
          ]
        }
      ],
      "title": "CVE-2011-20002"
    }
  ]
}

ssa-625789

Vulnerability from csaf_siemens

Published

2011-06-10 00:00

Modified

2025-10-14 00:00

Summary

SSA-625789: Multiple Vulnerabilities in SIMATIC S7-1200 CPU V1/V2 Devices

Notes

Summary

General Recommendations

Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "SIMATIC S7-1200 CPU V1/V2 controllers contain two vulnerabilities that could allow an unauthenticated remote attacker\n\n- to trigger functions by record and playback of legitimate network communication, or\n- to place the controller in stop/defect state by causing a communications error.\n\nSiemens has released new versions for the affected products and recommends to update to the latest versions.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-625789: Multiple Vulnerabilities in SIMATIC S7-1200 CPU V1/V2 Devices - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-625789.html"
      },
      {
        "category": "self",
        "summary": "SSA-625789: Multiple Vulnerabilities in SIMATIC S7-1200 CPU V1/V2 Devices - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-625789.json"
      }
    ],
    "title": "SSA-625789: Multiple Vulnerabilities in SIMATIC S7-1200 CPU V1/V2 Devices",
    "tracking": {
      "current_release_date": "2025-10-14T00:00:00Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-625789",
      "initial_release_date": "2011-06-10T00:00:00Z",
      "revision_history": [
        {
          "date": "2011-06-10T00:00:00Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        },
        {
          "date": "2011-07-05T00:00:00Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Modification of CVSS scoring, solution and version information"
        },
        {
          "date": "2011-09-12T00:00:00Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Update of solution section by removing mentioning of air gap"
        },
        {
          "date": "2020-02-10T00:00:00Z",
          "legacy_version": "1.3",
          "number": "4",
          "summary": "SIPLUS devices now explicitly mentioned in the list of affected products"
        },
        {
          "date": "2025-10-14T00:00:00Z",
          "legacy_version": "1.4",
          "number": "5",
          "summary": "Assigned CVE IDs (CVE-2011-20001/-20002) instead of the deprecated SVE IDs (SVE-2011-0001/-0002); Corrected CVSS vector of CVE-2011-20002; Updated SSA to current data model and support of csaf"
        }
      ],
      "status": "interim",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c2.0.3",
                "product": {
                  "name": "SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants)",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c2.0.2",
                "product": {
                  "name": "SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants)",
                  "product_id": "2"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c2.0.3",
                "product": {
                  "name": "SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants)",
                  "product_id": "3"
                }
              },
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c2.0.2",
                "product": {
                  "name": "SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants)",
                  "product_id": "4"
                }
              }
            ],
            "category": "product_name",
            "name": "SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants)"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2011-20001",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The web server interface of affected devices improperly processes incoming malformed HTTP traffic at high rate. This could allow an unauthenticated remote attacker to force the device entering the stop/defect state, thus creating a denial of service condition.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "3"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Disable the web server if possible",
          "product_ids": [
            "1",
            "3"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V2.0.3 or later version",
          "product_ids": [
            "1",
            "3"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "1",
            "3"
          ]
        }
      ],
      "title": "CVE-2011-20001"
    },
    {
      "cve": "CVE-2011-20002",
      "cwe": {
        "id": "CWE-294",
        "name": "Authentication Bypass by Capture-replay"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Affected controllers are vulnerable to capture-replay in the communication with the engineering software. This could allow an on-path attacker between the engineering software and the controller to execute any previously recorded commands at a later time (e.g. set the controller to STOP), regardless whether or not the controller had a password configured.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "2",
          "4"
        ]
      },
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V2.0.2 or later version",
          "product_ids": [
            "2",
            "4"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "2",
            "4"
          ]
        }
      ],
      "title": "CVE-2011-20002"
    }
  ]
}

ghsa-hfrj-93xv-cmrv

Vulnerability from github

Published

2025-10-14 12:31

Modified

2025-10-14 12:31

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-20001"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-14T10:15:32Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) (All versions \u003c V2.0.3), SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants) (All versions \u003c V2.0.3). The web server interface of affected devices improperly processes incoming malformed HTTP traffic at high rate. This could allow an unauthenticated remote attacker to force the device entering the stop/defect state, thus creating a denial of service condition.",
  "id": "GHSA-hfrj-93xv-cmrv",
  "modified": "2025-10-14T12:31:30Z",
  "published": "2025-10-14T12:31:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-20001"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-625789.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2011-20001 (GCVE-0-2011-20001)

Vulnerability from cvelistv5

fkie_cve-2011-20001

Vulnerability from fkie_nvd

icsa-25-294-03

Vulnerability from csaf_cisa

ssa-625789

Vulnerability from csaf_siemens

ghsa-hfrj-93xv-cmrv

Vulnerability from github

Tags

Sightings

Nomenclature