Siemens controls
Another security gap
The Claroty Research Team has identified and reported a serious vulnerability to bypass the memory protection of the S7-1200 and S7-1500 PLCs.
Attackers could abuse the vulnerability (CVE-2020-15782) on controllers with disabled access protection to gain read and write access and remotely execute malicious code. Siemens has already updated the firmware of the affected devices and published corresponding notes for its customers. Users are strongly advised to update their systems accordingly. So far, there are no indications that the vulnerability has already been exploited.
Vulnerability with explosive potential
There have already been several cyber attacks on Siemens controllers. The vulnerability that has now been discovered concerns the possible circumvention of the memory protection of the PLCs.
© ClarotyExecuting native code on an industrial control system such as a programmable logic controller (PLC) is a goal that relatively few highly skilled attackers have achieved to date. The complex systems have numerous in-memory protection mechanisms that would need to be overcome for an attacker to not only execute the code but also remain undetected. To reach this level of code execution, physical access or techniques targeting engineering workstations and other connections to the PLC were previously required. However, the discovered vulnerability makes it possible to bypass the PLC sandbox in Siemens' PLC CPUs and thus execute native code in protected memory areas.
The disclosure of the vulnerability is a result of the existing partnership between Siemens and Claroty. The close coordination between Siemens and Claroty included the exchange of technical details, attack techniques and mitigation advice, which contributed to the patches being available in Siemens' latest update. Both companies strongly advise users to update as this is a critical vulnerability.
You might also be interested in
Programmable logic controllers
Top 20 Secure PLC Coding Practices
Secure coding practices for programmable logic controllers (PLCs) are now being published for the first time. Such programming principles, which help to take security into account, are common for IT software, but until now there was no such thing...
read more...For industrial DPM and life sciences applications
Omron's V410-H family of handheld barcode readers comprises three models - XD, SR and HC.
read more...Vulnerability discovered in Scalance switches from Siemens
Nozomi Networks Labs has discovered a new vulnerability in Siemens' Scalance Switches. It affects the Telnet server and allows a hacker to crash the service by sending large amounts of packets via TCP port 23.
read more...Engineering software / Security
Gap discovered in the 'Siemens Step 7 TIA Portal'
Tenable, a cyber security expert, has discovered a critical vulnerability in the 'Siemens Step 7 TIA Portal'. The vulnerability affects the same device family that was affected by Stuxnet.
read more...Stuxnet - die ersten fünf Opfer identifiziert
Seit der Stuxnet-Wurm vor mehr als 4Jahren entdeckt wurde, ranken sich viele Geschichten und offene Fragen um den Schädling. Nach einer Analyse von über zweitausend Dateien haben Experten von Kaspersky Lab nach eigener Aussage nun die ersten fünf...
read more...Strategic cooperation to protect cyber-physical systems
Claroty works with Amazon Web Services to help companies realize the full potential of the cloud.
read more...Transparency and risk reduction
Claroty extends integration with Crowdstrike: Native integration enables CrowdStrike Falcon Discover for IoT to provide contextualized, detailed visibility by detecting and capturing all connected assets in industrial and enterprise environments.
read more...Stuxnet-like vulnerability eliminated
Specialists from Claroty and Rockwell Automation have now published two vulnerabilities in PLCs and engineering workstation software from Rockwell. Users are strongly advised to update the affected products.
read more...Holistic approach required
In recent months, ransomware attacks have repeatedly made the headlines. And they show: Attacks on corporate IT can also cause problems in the OT environment.
read more...