The National Cyber Security Centre SK-CERT warns of a new vulnerability in the firmware of programmable logic controllers (PLC) from Siemens.
PLC devices from Siemens are also popular and widely used in Slovakia in various areas of manufacturing and industry.
The vulnerability allows an attacker to bypass all protected boot features allowing him to modify the controlling operating code and data. According to Red Balloon Security, which discovered the vulnerability, the vulnerability is caused by a flaw in the firmware structure, specifically by a lack of asymmetric signature verifications at boot up. Thus, the vulnerability allows an attacker to install a compromised bootloader that bypasses security features and compromises the integrity of the system.
To exploit the vulnerability, it is necessary to have physical access to a specific PLC device.
The vulnerability is tracked as CVE-2022-38773 and has been assigned a CVSS score of 4.6. Siemens said that they have no plans to release a patch for this vulnerability at this time. However, they plan to produce devices from the same product family as the vulnerable ones, in which the vulnerability will already be patched.
This vulnerability has affected products from the Siemens Simatic S7-1500 CPU family. For a complete list of affected products, please refer to the official Siemens Security Advisory.
Regarding the mentioned vulnerability, the National Cyber Security Centre SK-CERT recommends the following to all operators of vulnerable devices:
- limit physical access to PLC devices, for example by storing them in a lockable cabinet, ideally in a room with controlled and monitored access,
- control and manage access to premises where PLC devices are located, allowing entry to these premises only to authorised personnel,
- monitor the manufacturer’s website and update the firmware of vulnerable devices immediately after a patch is released,
- in the event of a cybersecurity incident detection, report the incident to the National Cyber Security Centre SK-CERT at [email protected].
« Späť na zoznam