Siemens has published the advisory “SSA-240718: Insecure storage of HTTPS CA certificate in S7-1200 V2.x” about a bug discovered by our team. It is a very funny one: the PLC has a built-in CA and generates valid certificates based on its IP address. So you can trust the CA certificate and you will have secure SSL sessions with all PLCs. But, as you may have guessed, all PLCs have the same private/public key pair for the CA, and the private key is hardcoded into the firmware.

It is not an easy bug to fix, but we hope Siemens will do it.

Thus, all your PLC are belong to us.
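
A defender's check for the situation described above, as an added example that is not from the advisory or from Siemens: since every PLC shares the same CA key pair and the private key sits in the firmware, trusting that CA certificate gives no assurance, so it is worth finding every trust bundle that contains it. The byte strings, the bundle and the fingerprint list below are constructed placeholders; a real audit would use the fingerprint of the CA certificate exported from a PLC.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL
)

def fingerprints(bundle_text):
    """Return the SHA-256 fingerprint (hex) of every certificate in a PEM bundle."""
    result = []
    for match in PEM_BLOCK.finditer(bundle_text):
        # Drop all whitespace (LF or CRLF line endings) before decoding to DER.
        der = base64.b64decode("".join(match.group(1).split()))
        result.append(hashlib.sha256(der).hexdigest())
    return result

def audit_bundle(bundle_text, shared_ca_fingerprints):
    """Return (position, fingerprint) for each bundle entry on the denylist."""
    # Accept fingerprints in upper case and with colon separators.
    deny = {fp.lower().replace(":", "") for fp in shared_ca_fingerprints}
    return [(i, fp) for i, fp in enumerate(fingerprints(bundle_text)) if fp in deny]

def to_pem(der):
    """Wrap DER bytes in PEM armor (used only to build the sample bundle)."""
    body = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

# Constructed sample data: these byte strings stand in for DER certificates.
SAMPLE_PLC_CA_DER = b"constructed stand-in for the S7-1200 V2.x CA certificate"
SAMPLE_OTHER_CA_DER = b"constructed stand-in for an unrelated CA certificate"
# Placeholder denylist: fingerprint of the (constructed) shared PLC CA.
SHARED_CA_FPS = [hashlib.sha256(SAMPLE_PLC_CA_DER).hexdigest().upper()]

SAMPLE_BUNDLE = (
    "# engineering workstation trust bundle (constructed)\n"
    + to_pem(SAMPLE_OTHER_CA_DER)
    + to_pem(SAMPLE_PLC_CA_DER).replace("\n", "\r\n")
)

if __name__ == "__main__":
    for index, fp in audit_bundle(SAMPLE_BUNDLE, SHARED_CA_FPS):
        print(f"entry {index}: shared PLC CA is trusted ({fp})")
```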