Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3037

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-3037
Last Modified 25 Sep 2012 12:00:00
Published 25 Sep 2012 07:07:46
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-3037

Summary

The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC CONTROLLER Certification Authority certificate, which allows remote attackers to spoof the S7-1200 web server by using this key to create a forged certificate.

Vulnerable Systems


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-12-263-01.pdf

CONFIRM - http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-240718.pdf


Last Updated: 27 May 2016 11:00:48