Arabic Arabic Chinese (Simplified) Chinese (Simplified) Dutch Dutch English English French French German German Italian Italian Portuguese Portuguese Russian Russian Spanish Spanish
| (844) 627-8267

Unpatchable Hardware Vulnerability Allows Hacking of Siemens PLCs | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

Researchers at firmware security company Red Balloon Security have discovered a potentially serious vulnerability affecting many of Siemens’ programmable logic controllers (PLCs).

Exploitation of the vulnerability, tracked as CVE-2022-38773, could allow an attacker to bypass protected boot features and persistently modify the controller’s operating code and data. The cause, according to Red Balloon Security, is a series of architectural issues affecting Siemens Simatic and Siplus S7-1500 CPUs.

“The Siemens custom System-on-Chip (SoC) does not establish an indestructible Root of Trust (RoT) in the early boot process. This includes lack of asymmetric signature verifications for all stages of the bootloader and firmware before execution,” Red Balloon explained in a blog post on Tuesday.

Siemens S7-1500 CPU vulnerability “Failure to establish Root of Trust on the device allows attackers to load custom-modified bootloader and firmware. These modifications could allow attackers to execute and bypass tamper-proofing and integrity-checking features on the device,” the security firm added.

According to Red Balloon, an attacker can decrypt the firmware of the affected PLCs and generate their own malicious firmware that can be made bootable on more than 100 impacted device models.

Exploitation of the vulnerability requires physical access to the targeted PLC, but the researchers pointed out that a hacker may be able to exploit a different remote code execution flaw in order to deploy the malicious firmware onto the device.

Typically, hacking a PLC could allow an attacker — depending on what the controller is used for — to cause significant damage or disruption within the targeted organization.

Siemens informed customers about the vulnerability, which has a ‘medium severity’ rating based on its CVSS score, on Tuesday, when it released its first round of Patch Tuesday advisories for 2023.

“As exploiting this vulnerability requires physical tampering with the product, Siemens recommends assessing the risk of physical access to the device in the target deployment and to implement measures to make sure that only trusted personnel have access to the physical hardware,” the company said.

The vulnerability cannot be fixed with a firmware update and the industrial giant’s advisory informed customers that “currently no fix is planned”, but it clarified that it has already released new hardware versions that fix the vulnerability for some of the impacted CPUs and it’s working on new hardware versions for the remaining products.

Related: New Vulnerabilities Can Allow Hackers to Remotely Crash Siemens PLCs

Related: Security Researchers Dig Deep Into Siemens Software Controllers

Related: Siemens Not Ruling Out Future Attacks Exploiting Global Private Keys for PLC Hacking

view counter

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Previous Columns by Eduard Kovacs:


Click Here For The Original Story From This Source.

National Cyber Security