Critical vulnerabilities in Siemens PLC devices could allow bypass of protected boot features (CVE-2022-38773)

Red Balloon Security disclosed multiple critical architectural vulnerabilities in the Siemens SIMATIC and SIPLUS S7-1500 Series PLC that allow all protected boot features to be bypassed.
Exploitation of these vulnerabilities could allow offline attackers to generate arbitrary encrypted firmware that is bootable on all Siemens S7-1500 series PLC CPU modules.
These vulnerabilities allow attackers to persistently bypass integrity validation and security features of the ADONIS operating system and subsequent user space code.
"It's important for all industrial operators using the Siemens S7-1500 Series PLC to take several steps to prevent possible exploitation of these critical vulnerabilities," said Dr. Ang Cui, CEO of Red Balloon.
"While these vulnerabilities technically require physical access to exploit, it is possible for sophisticated attackers to 'chain,' or combine, these vulnerabilities with other remote access vulnerabilities on the same network to install malicious firmware without the need for in-person contact."
"The vulnerabilities exist because the Siemens custom System-on-Chip does not establish a tamper-proof Root of Trust in the early boot process," said Yuanzhe Wu, senior research scientist at Red Balloon.
News URL: https://www.helpnetsecurity.com/2023/01/12/cve-2022-38773/