In the latest vulnerability developments, automation company Siemens has released security updates to patch a critical vulnerability in their SIMATIC S7-1200 and S7-1500 programmable logic controllers (PLCs).
Siemens PLCs vulnerable to critical security flaw:
Cybersecurity organization Claroty is responsible for detecting the vulnerability, tracked as CVE-2020-15782. The vulnerability has scored 8.1/10 on the severity scale.
Claroty was reportedly able to identify the vulnerability by reverse-engineering the MC7 / MC7+ bytecode language used to execute PLC instructions in the microprocessor.
Exploiting the Siemens bug:
Successful exploitation of the Siemens SIMATIC vulnerability could allow a malicious actor to remotely gain access to protected memory areas and achieve unrestricted and undetected code execution, an outcome researchers call the holy grail.
An unauthorized actor with network access to TCP port 102 could write arbitrary code to protected memory areas or areas of personal data in order to deploy subsequent attacks.
Claroty researcher Tal Keren stated, “Achieving native code execution on an industrial control system such as a programmable logic controller is an end-goal relatively few advanced attackers have achieved”.
Malicious actors exploiting the vulnerability can also bypass detection by the underlying operating system or any diagnostic software by leaving the user sandbox to inject arbitrary data and code directly into protected memory.
No active exploitation in the wild:
Claroty has also noted that a malicious attack requires network access to the PLC as well as PLC download privileges.
The security company also claims that by jailbreaking the PLC’s native sandbox, it was able to implant kernel-level malicious software into the operating system that enables remote code execution.
Currently, however, Siemens has stated that there is no evidence of active exploitation in the wild.
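Because the attack depends on network access to the PLC's programming port (TCP 102), one practical check on the defender's side is to flag every allowed TCP/102 session to a PLC that does not originate from an engineering workstation. The script below is an added illustration, not code from Claroty or Siemens; the PLC inventory, the workstation allowlist, the firewall log format and the sample log lines are all constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed inventory (assumption): PLC addresses and the only hosts
# that should ever open programming sessions to them.
PLCS = {"10.0.1.10": "S7-1500 line A", "10.0.1.11": "S7-1200 packaging"}
ENGINEERING_WORKSTATIONS = {"10.0.9.5"}
S7_PORT = 102  # PLC programming port named in the advisory

# Constructed firewall log format (assumption), one connection per line:
#   <timestamp> <ALLOW|DENY> TCP src=<ip> dst=<ip> dport=<port>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) TCP "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)

@dataclass
class Alert:
    ts: str
    src: str
    dst: str
    reason: str

def check_line(line: str) -> "Alert | None":
    """Alert on an allowed TCP/102 session to a known PLC from a non-engineering host."""
    m = LOG_RE.match(line.strip())
    if m is None or m["action"] != "ALLOW":
        return None  # unparsable, or already blocked at the firewall
    if int(m["dport"]) != S7_PORT or m["dst"] not in PLCS:
        return None  # not the PLC programming port, or not a PLC we track
    if m["src"] in ENGINEERING_WORKSTATIONS:
        return None  # expected programming traffic
    return Alert(m["ts"], m["src"], m["dst"],
                 f"unexpected S7 (TCP/102) session to {PLCS[m['dst']]}")

def scan(lines: "list[str]") -> "list[Alert]":
    return [a for a in map(check_line, lines) if a is not None]

# Constructed sample log lines for a stand-alone run.
SAMPLE_LOG = [
    "2021-05-28T10:00:01Z ALLOW TCP src=10.0.9.5 dst=10.0.1.10 dport=102",
    "2021-05-28T10:00:07Z ALLOW TCP src=10.0.4.23 dst=10.0.1.11 dport=102",
    "2021-05-28T10:00:09Z DENY TCP src=10.0.4.23 dst=10.0.1.10 dport=102",
    "2021-05-28T10:00:12Z ALLOW TCP src=10.0.4.23 dst=10.0.1.10 dport=443",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(f"{alert.ts} {alert.src} -> {alert.dst}: {alert.reason}")
```

Only the second sample line is reported: the first comes from the allowed workstation, the third was already denied, and the fourth is not on the programming port.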