Critical vulnerabilities in Siemens PLC devices could allow bypass of protected boot features (CVE-2022-38773)
2023-01-12 15:29

Red Balloon Security disclosed multiple critical architectural vulnerabilities in the Siemens SIMATIC and SIPLUS S7-1500 series PLCs that allow all of the devices' protected boot features to be bypassed.

Exploitation of these vulnerabilities could allow an offline attacker to generate arbitrary encrypted firmware that is bootable on all Siemens S7-1500 series PLC CPU modules.

These vulnerabilities allow attackers to persistently bypass the integrity validation and security features of the ADONIS operating system and of the user-space code loaded after it.

"It's important for all industrial operators using the Siemens S7-1500 Series PLC to take several steps to prevent possible exploitation of these critical vulnerabilities," said Dr. Ang Cui, CEO of Red Balloon.

"While these vulnerabilities technically require physical access to exploit, it is possible for sophisticated attackers to 'chain,' or combine, these vulnerabilities with other remote access vulnerabilities on the same network to install malicious firmware without the need for in-person contact."

"The vulnerabilities exist because the Siemens custom System-on-Chip does not establish a tamper-proof Root of Trust in the early boot process," said Yuanzhe Wu, senior research scientist at Red Balloon.
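To make the point in that quote concrete, the following is an added example (not code from the article, from Red Balloon, or from Siemens) that models a two-stage verified boot chain in a toy device. The device layout, image formats, stage names and the `attacker_reflash` helper are all constructed for illustration and say nothing about how the S7-1500 actually boots. The model deliberately leaves encryption out: whether a forged image is accepted depends only on whether the anchor the first stage checks against can be rewritten by someone holding the device, which is what "tamper-proof Root of Trust" means in practice.

```python
import hashlib
from dataclasses import dataclass

DIGEST_LEN = 32


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


@dataclass
class Device:
    """Toy PLC CPU module (constructed model, not the Siemens design)."""
    rot_immutable: bool   # is stage 0 and its anchor held in ROM/OTP (tamper-proof)?
    rot_anchor: bytes     # digest of the trusted stage-1 image that stage 0 checks
    flash_stage1: bytes   # writable flash: stage-1 loader image
    flash_app: bytes      # writable flash: OS / application image


class BootHalt(Exception):
    """Raised when a stage refuses to hand over control."""


def build_stage1(stage1_code: bytes, app_image: bytes) -> bytes:
    """Stage 1 image = magic + digest of the app it will accept + its own code."""
    return b"S1" + sha256(app_image) + stage1_code


def stage0(dev: Device) -> bytes:
    """First stage: verify the stage-1 image against the root-of-trust anchor."""
    if sha256(dev.flash_stage1) != dev.rot_anchor:
        raise BootHalt("stage0: stage-1 image does not match root-of-trust anchor")
    return dev.flash_stage1


def stage1(image: bytes, dev: Device) -> bytes:
    """Second stage: verify the app against the digest embedded in stage 1."""
    if image[:2] != b"S1":
        raise BootHalt("stage1: bad image header")
    expected = image[2:2 + DIGEST_LEN]
    if sha256(dev.flash_app) != expected:
        raise BootHalt("stage1: application image does not match embedded digest")
    return dev.flash_app


def boot(dev: Device) -> bytes:
    """Run the chain; returns the application image that ends up executing."""
    return stage1(stage0(dev), dev)


def provision(stage1_code: bytes, app: bytes, rot_immutable: bool) -> Device:
    """Factory provisioning: anchor = digest of the vendor's stage-1 image."""
    s1 = build_stage1(stage1_code, app)
    return Device(rot_immutable, sha256(s1), s1, app)


def attacker_reflash(dev: Device, evil_stage1_code: bytes, evil_app: bytes) -> bool:
    """Offline attacker with physical access rewrites flash and then tries to
    rewrite the anchor too. Returns True if the anchor write succeeded."""
    dev.flash_app = evil_app
    dev.flash_stage1 = build_stage1(evil_stage1_code, evil_app)
    if dev.rot_immutable:
        return False  # anchor lives in ROM/OTP: the write is refused
    dev.rot_anchor = sha256(dev.flash_stage1)  # anchor follows the forged image
    return True


def scenario(rot_immutable: bool) -> str:
    """Provision a device, let the attacker reflash it, report what boots."""
    dev = provision(b"loader v1", b"vendor firmware", rot_immutable)
    assert boot(dev) == b"vendor firmware"  # sanity: vendor image boots
    attacker_reflash(dev, b"loader v1 + hook", b"attacker firmware")
    try:
        return "booted: " + boot(dev).decode()
    except BootHalt as e:
        return "halted: " + str(e)


def app_only_tamper(rot_immutable: bool) -> str:
    """Attacker who can only rewrite the app partition, not stage 1."""
    dev = provision(b"loader v1", b"vendor firmware", rot_immutable)
    dev.flash_app = b"attacker firmware"
    try:
        return "booted: " + boot(dev).decode()
    except BootHalt as e:
        return "halted: " + str(e)


if __name__ == "__main__":
    print("immutable RoT :", scenario(True))
    print("mutable RoT   :", scenario(False))
    print("app-only      :", app_only_tamper(True))
```

With an immutable anchor the reflashed device halts in stage 0 (it is unbootable until the vendor image is restored, but it never runs the forged code); with a writable anchor the same attacker action yields a persistently booting attacker image, and every later check in the chain is satisfied because the attacker also controls the digests those checks compare against. That is the "persistent bypass of integrity validation" described above, modelled in the simplest possible form.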


News URL

https://www.helpnetsecurity.com/2023/01/12/cve-2022-38773/
