A New Bug in Siemens PLCs Could Let Hackers Run Malicious Code Remotely

Siemens: severe vulnerability found in PLCs

The firm Siemens has issued an update on a new severe vulnerability found in the SIMATIC S7 that could let Chinese hackers inject malicious code into memory.

Official News

Researchers say the SIMATIC S7-1200 and S7-1500 programmable logic controllers (PLCs) suffer from a severe vulnerability that an attacker could exploit to gain remote access to protected memory and then execute code undetected and unrestricted.

By analyzing the bytecode language used by the MC7 / MC7+ microprocessor to run PLC programs, Claroty discovered a memory protection bypass vulnerability, CVE-2020-15782 (CVSS score: 8.1). The weakness has not been seen exploited in the wild.

A Warning has Been Made

German industrial automation company Siemens issued an advisory warning that unauthorized remote attackers who can reach TCP port 102 could potentially write arbitrary data to protected memory areas, or read sensitive data, in order to launch further attacks.
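As an added illustration of the exposure point above (not code from the article, Siemens or Claroty), the following Python check flags connections to TCP/102 on a PLC subnet from hosts outside an engineering-workstation allowlist. The flow-record format, addresses and allowlist are constructed for the example.

```python
"""Flag S7 (TCP/102) connections to PLCs from hosts that are not approved
engineering workstations. Added illustration, not from the article or from
Siemens/Claroty; the log format and all addresses are constructed."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

S7_PORT = 102  # ISO-on-TCP port used for S7 communication, named in the advisory

# Constructed allowlist: only these sources may open S7 sessions to the PLC subnet.
APPROVED_ENGINEERING_HOSTS = {"10.0.50.10", "10.0.50.11"}
PLC_SUBNET = ip_network("10.0.60.0/24")  # constructed OT subnet holding the PLCs

# Constructed flow records: "src_ip src_port dst_ip dst_port proto"
SAMPLE_FLOWS = """\
10.0.50.10 50321 10.0.60.21 102 tcp
10.0.50.11 50322 10.0.60.22 102 tcp
10.0.7.99 41000 10.0.60.21 102 tcp
192.168.1.5 41001 10.0.60.23 102 tcp
10.0.7.99 41002 10.0.60.21 80 tcp
10.0.7.99 41003 10.0.60.21 102 udp
"""

def parse_flows(text):
    """Yield (src, dst, dst_port, proto) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        src, _sport, dst, dport, proto = parts
        yield src, dst, int(dport), proto.lower()

def unapproved_s7_sources(text):
    """Return {src_ip: sorted PLC addresses it reached on TCP/102} for every
    source that is not an approved engineering host."""
    hits = defaultdict(set)
    for src, dst, dport, proto in parse_flows(text):
        if proto != "tcp" or dport != S7_PORT:
            continue  # only S7 over TCP is of interest here
        if ip_address(dst) not in PLC_SUBNET:
            continue  # destination is not a PLC
        if src in APPROVED_ENGINEERING_HOSTS:
            continue  # expected engineering traffic
        hits[src].add(dst)
    return {src: sorted(dsts) for src, dsts in hits.items()}

if __name__ == "__main__":
    for src, plcs in unapproved_s7_sources(SAMPLE_FLOWS).items():
        print(f"unapproved S7 client {src} -> {', '.join(plcs)}")
```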

Claroty researcher Tal Keren said that native code execution on a programmable logic controller is an extremely difficult goal for advanced attackers.

In order to be undetected, an attacker would need to overcome numerous in-memory protections in these complex systems.

Besides enabling native code execution on Siemens S7 PLCs, the flaw also lets an adversary evade detection by the operating system and diagnostic software when writing arbitrary data and code directly into protected memory regions.

According to the company, the attack would require both an intranet connection and download permission on the PLC.

By jailbreaking the PLC's native sandbox, Claroty was able to introduce a malicious kernel-level program that granted remote code execution.

Siemens PLCs have had unauthorized code executed on them before. In 2010 the Stuxnet worm exploited multiple Windows weaknesses to reprogram Siemens PLCs in order to spy on and sabotage industrial control systems.

Researchers have now demonstrated a new class of attacks called “Rogue7,” which takes advantage of vulnerabilities in the proprietary S7 communication protocol to “create a rogue TIA to the PLC, which can inject any messages the attacker prefers.”

As a precaution, Siemens strongly recommends updating to the latest versions.

In addition, the company is working on further updates and urges customers to apply countermeasures and workarounds where updates aren't yet available.
