Siemens SIMATIC Flaw Allows Theft of Cryptographic Keys
German Manufacturer Comes Forward with Mitigations and Workarounds.
Last updated on October 13, 2022
Recent discoveries identified a vulnerability in Siemens SIMATIC programmable logic controllers (PLCs) that can be exploited to retrieve the hardcoded, global private cryptographic keys and seize control of the devices.
Cybersecurity company Claroty published a report in which its Team82 researchers describe recovering a global hardcoded cryptographic key (CVE-2022-38465) shared across each affected Siemens product line. According to the report, an attacker can use these keys to perform multiple advanced attacks against Siemens SIMATIC devices and the related Totally Integrated Automation (TIA) Portal, while bypassing all four of its access-level protections.
A malicious actor could use this secret information to compromise the entire SIMATIC S7-1200/1500 product line in an irreparable way.
Further, by extracting the PLC's hardcoded private key, Team82 demonstrated multiple attack scenarios, including decryption of all communication between S7 PLCs and an engineering workstation (EWS) and decryption of the password hash configured on the PLC, which in the wrong hands could enable man-in-the-middle attacks, among other things.
The German manufacturer has not remained silent about the issue and recommends updating affected devices. Users who are unable to update are urged to follow the workarounds and mitigations described in the company's advisory in order to minimize the risk of attacks.
As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for Industrial Security and following the recommendations in the product manuals.
In addition, to mitigate the risk of attacks facilitated by CVE-2022-38465, Siemens SIMATIC users are advised to apply defense-in-depth strategies.
Other Siemens Issues
The findings are the latest in a series of major flaws discovered in software used in industrial networks, as The Hacker News notes.
In June, the same cybersecurity experts reported multiple issues in the Siemens SINEC network management system (NMS). Those vulnerabilities could have exposed Siemens devices to malicious activity such as denial-of-service attacks, credential leaks, and even remote code execution.
Mihaela is a digital content creator for Heimdal® and the proud owner of an old soul and a curious mind. Passionate to learn and discover more about cybersecurity, she will gladly share her latest finds with you.