Heimdal
article featured image

Contents:

Recent discoveries identified a vulnerability in Siemens SIMATIC programmable logic controller (PLC), which can be exploited to retrieve the hardcoded, global private cryptographic keys and seize control of the devices.

Identified as CVE-2022-38465 and rated 9.3 on the CVSS scoring scale, the vulnerability has been addressed by the German industrial manufacturing company, as part of security updates issued this week.

Summary

Cybersecurity company Claroty published a report in which their Team82 researchers have recovered a global hardcoded cryptographic key (CVE-2022-38465) used by each Siemens affected product line. According to the report, an attacker can use these keys to perform multiple advanced attacks against Siemens SIMATIC devices and the related Totally Integrated Automation (TIA) Portal, while bypassing all four of its access level protections.

A malicious actor could use this secret information to compromise the entire SIMATIC S7-1200/1500 product line in an irreparable way.

Source

The Hacker News listed the impacted products and versions:

  • SIMATIC Drive Controller family (all versions before 2.9.2)
  • SIMATIC ET 200SP Open Controller CPU 1515SP PC2, including SIPLUS variants (all versions before 21.9)
  • SIMATIC ET 200SP Open Controller CPU 1515SP PC, including SIPLUS variants (all versions)
  • SIMATIC S7-1200 CPU family, including SIPLUS variants (all versions before 4.5.0)
  • SIMATIC S7-1500 CPU family, including related ET200 CPUs and SIPLUS variants (all versions before V2.9.2)
  • SIMATIC S7-1500 Software Controller (all versions before 21.9), and
  • SIMATIC S7-PLCSIM Advanced (all versions before 4.0)

Source

Further, Team82 demonstrated, by extracting the PLC’s hardcoded private key, multiple attack scenarios including decryption of all communication between S7 PLCs and an EWS, decryption of the configured password hash on the PLC, something that in the wrong hands might lead to Man-in-the-Middle attacks, and more.

Mitigations

The German manufacturer has not remained silent about the issue and recommends updating affected devices. Further, users who are not able to update are urged to follow the workarounds and mitigations found in the company`s report, in order to minimize the risk of attacks.

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for Industrial Security, and to follow the recommendations in the product manuals.

Source

In addition, to mitigate the risk of attacks facilitated by CVE-2022-38465, Siemens SIMATIC users are advised to apply defense in depth strategies.

Other Siemens Issues

The findings are the latest in a series of major flaws that have been discovered in software used in industrial networks, The Hacker News claims.

In June, the same cybersecurity experts reported multiple issues in Siemens SINEC network management system (NMS). Then, the vulnerabilities had the potential of exposing Siemens devices to malicious activities, such as Denial-of-Service attacks, credential leaks, and even remote code execution.

If you liked this article, follow us on LinkedInTwitterFacebookYouTube, and Instagram for more cybersecurity news and topics.

Author Profile

Mihaela Popa

COMMUNICATIONS & PR OFFICER

Mihaela is a digital content creator for Heimdal® and the proud owner of an old soul and a curious mind. Passionate to learn and discover more about cybersecurity, she will gladly share her latest finds with you.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE