Summary
Siemens SIMATIC S7-1200 and S7-1500 CPUs contained in various Festo Didactic products contain a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.
Impact
Siemens SIMATIC S7-1200 and S7-1500 CPUs have a memory protection bypass vulnerability allowing attackers to write or read data in protected memory, potentially enabling further attacks.
Affected Product(s)
| Model no. | Product name | Affected versions |
|---|---|---|
| | FESTO Didactic CP including S7 PLC | Siemens Simatic S7-1500 / ET200SP <V2.9.2 |
| | FESTO Didactic MPS 200 Systems | Siemens Simatic S7-1500 / ET200SP <V2.9.2 |
| | FESTO Didactic MPS 400 Systems | Siemens Simatic S7-1500 / ET200SP <V2.9.2 |
Vulnerabilities
SIMATIC S7-1200 and S7-1500 CPU products contain a memory protection bypass vulnerability that could allow an attacker to write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.
Siemens has released updates for several affected products and strongly recommends updating to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet, available.
Remediation
Update the Siemens Simatic S7-1500 / ET200SP firmware to V2.9.2 or higher.
Revision History
Version | Date | Summary |
---|---|---|
1.0.0 | 09.09.2024 09:00 | Initial version |
2.0.0 | 06.11.2024 12:27 | Fix: correct certvde domain, fixed language setting, added self-reference |
3.0.0 | 27.02.2025 10:00 | Update: new document ID |
3.0.1 | 05.06.2025 15:32 | Fix: removed ia, firmware category |