Newly Disclosed Vulnerability Allows Remote Hacking of Siemens PLCs

Researchers at industrial cybersecurity firm Claroty have identified a serious vulnerability that can be exploited by a remote and unauthenticated attacker to hack some of the programmable logic controllers (PLCs) made by Siemens.

The vulnerability is tracked as CVE-2020-15782 and it has been described as a high-severity memory protection bypass issue that allows an attacker with network access to TCP port 102 to write or read data in protected memory areas.
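The only precondition the article names is network access to TCP port 102 on the PLC, so the most direct defensive control is to restrict and monitor who reaches that port. The following script is an added example written for this article, not code from Claroty, Siemens or SecurityWeek: it scans constructed connection-log lines and flags TCP/102 sessions to a PLC subnet that do not originate from an allowlisted engineering workstation. The log format, the PLC subnet (10.10.30.0/24) and the allowlist entry (10.10.20.15) are hypothetical values chosen for the example.

```python
import ipaddress

# Constructed sample connection records for the example (not real traffic):
# "<timestamp> <src_ip> -> <dst_ip>:<dst_port> <proto>"
SAMPLE_CONNECTIONS = [
    "2021-05-28T10:02:11Z 10.10.20.15 -> 10.10.30.5:102 tcp",   # allowlisted engineering station
    "2021-05-28T10:02:45Z 10.10.20.99 -> 10.10.30.5:102 tcp",   # unknown host in the OT LAN
    "2021-05-28T10:03:02Z 192.168.1.40 -> 10.10.30.6:102 tcp",  # host from an IT subnet
    "2021-05-28T10:03:30Z 10.10.20.15 -> 10.10.30.5:443 tcp",   # not the S7 port, ignored
    "malformed line that should be skipped",
]

S7_TCP_PORT = 102  # port named in the advisory as the attack precondition

# Hypothetical allowlist: the only hosts expected to speak S7 to the controllers.
ENGINEERING_STATIONS = {ipaddress.ip_address("10.10.20.15")}

# Hypothetical subnet holding the S7-1200/S7-1500 CPUs.
PLC_SUBNET = ipaddress.ip_network("10.10.30.0/24")


def parse_connection(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    parts = line.split()
    if len(parts) != 5 or parts[2] != "->":
        return None
    ts, src, _, dst, proto = parts
    dst_ip, sep, dst_port = dst.rpartition(":")
    if not sep or not dst_port.isdigit():
        return None
    try:
        return {
            "ts": ts,
            "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst_ip),
            "port": int(dst_port),
            "proto": proto.lower(),
        }
    except ValueError:
        return None


def find_unexpected_s7_access(lines):
    """Return records for TCP/102 sessions to the PLC subnet from non-allowlisted sources."""
    alerts = []
    for line in lines:
        rec = parse_connection(line)
        if rec is None:
            continue
        if rec["proto"] != "tcp" or rec["port"] != S7_TCP_PORT:
            continue
        if rec["dst"] not in PLC_SUBNET:
            continue
        if rec["src"] not in ENGINEERING_STATIONS:
            alerts.append(rec)
    return alerts


def unexpected_sources(lines):
    """Convenience view: the distinct offending source addresses, as strings, sorted."""
    return sorted({str(r["src"]) for r in find_unexpected_s7_access(lines)})


if __name__ == "__main__":
    for rec in find_unexpected_s7_access(SAMPLE_CONNECTIONS):
        print(f"{rec['ts']} unexpected S7 access {rec['src']} -> {rec['dst']}:{rec['port']}")
```

Run against the embedded sample, the checker reports the two sessions from 10.10.20.99 and 192.168.1.40 and ignores the allowlisted station, the HTTPS connection and the malformed line. The same allowlist, expressed as a firewall or ACL rule on the PLC cell boundary, is the preventive counterpart of this detection.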

Siemens says the security hole impacts its SIMATIC S7-1200 and S7-1500 CPUs. The German industrial giant has released firmware updates for some of the impacted devices and it has provided workarounds for products for which patches have yet to be released.

According to Claroty, the vulnerability can be exploited to gain native code execution on Siemens S7 PLCs by bypassing the sandbox where engineering code normally runs and gaining direct access to the device’s memory.

The company’s researchers showed how an attacker could bypass protections and write shellcode directly into protected memory. An attack exploiting this vulnerability would be difficult to detect, the researchers claim.

“Escaping the sandbox means an attacker would be able to read and write from anywhere on the PLC, and could patch an existing VM opcode in memory with malicious code to root the device,” Claroty researchers explained in a blog post published on Friday.

“Claroty, for example, was able to inject ARM/MIPS shellcode directly to an internal operating system structure in such a way that when the operating system uses a specific opcode that we chose, our malicious shellcode would execute, giving us remote code execution. We used this technique to install a kernel-level program with some functionality that is completely hidden to the operating system,” they added.

Claroty’s blog post describes the PLC sandbox and the role CVE-2020-15782 could play in an attack.

Related: Serious Vulnerabilities Found in Schneider Electric Power Meters

Related: Unprotected Private Key Allows Remote Hacking of Rockwell Controllers

Related: Vulnerabilities in CodeMeter Licensing Product Expose ICS to Remote Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
