Security News > 2021 > May > Newly Disclosed Vulnerability Allows Remote Hacking of Siemens PLCs

Newly Disclosed Vulnerability Allows Remote Hacking of Siemens PLCs
2021-05-28 15:08

Researchers at industrial cybersecurity firm Claroty have identified a serious vulnerability that can be exploited by a remote and unauthenticated attacker to hack some of the programmable logic controllers made by Siemens.

The vulnerability is tracked as CVE-2020-15782 and it has been described as a high-severity memory protection bypass issue that allows an attacker with network access to TCP port 102 to write or read data in protected memory areas.

According to Claroty, the vulnerability can be exploited to gain native code execution on Siemens S7 PLCs by bypassing the sandbox where engineering code normally runs and gaining direct access to the device's memory.

The company's researchers showed how an attacker could bypass protections and write shellcode directly into protected memory.

An attack exploiting this vulnerability would be difficult to detect, the researchers claim.

"Escaping the sandbox means an attacker would be able to read and write from anywhere on the PLC, and could patch an existing VM opcode in memory with malicious code to root the device," Claroty researchers explained in a blog post published on Friday.


News URL

http://feedproxy.google.com/~r/securityweek/~3/hSgTTqLiIR0/newly-disclosed-vulnerability-allows-remote-hacking-siemens-plcs

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-05-28 CVE-2020-15782 Unspecified vulnerability in Siemens products
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl.
network
low complexity
siemens
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Siemens 1779 26 427 871 201 1525