Security News > 2021 > May > Newly Disclosed Vulnerability Allows Remote Hacking of Siemens PLCs
Researchers at industrial cybersecurity firm Claroty have identified a serious vulnerability that can be exploited by a remote and unauthenticated attacker to hack some of the programmable logic controllers made by Siemens.
The vulnerability is tracked as CVE-2020-15782 and it has been described as a high-severity memory protection bypass issue that allows an attacker with network access to TCP port 102 to write or read data in protected memory areas.
According to Claroty, the vulnerability can be exploited to gain native code execution on Siemens S7 PLCs by bypassing the sandbox where engineering code normally runs and gaining direct access to the device's memory.
The company's researchers showed how an attacker could bypass protections and write shellcode directly into protected memory.
An attack exploiting this vulnerability would be difficult to detect, the researchers claim.
"Escaping the sandbox means an attacker would be able to read and write from anywhere on the PLC, and could patch an existing VM opcode in memory with malicious code to root the device," Claroty researchers explained in a blog post published on Friday.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-28 | CVE-2020-15782 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Siemens products A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. | 7.5 |