Tag: firmware

Over 100 Siemens PLC Models Found Vulnerable to Firmware Takeover
Risk, Security

Over 100 Siemens PLC Models Found Vulnerable to Firmware Takeover

Multiple architectural flaws in Siemens SIMATIC and SIPLUS S7-1500 programmable logic controllers (PLCs) have been revealed by security researchers. These flaws could be used by a hostile actor to covertly instal firmware on the vulnerable devices and seize control of them. The vulnerabilities were identified by Red Balloon Security and are categorised as CVE-2022-38773 (CVSS score: 4.6), with the low severity resulting from the requirement that physical device tampering is required for exploitation. According to the business, the holes "may allow attackers to bypass all protected boot protections, resulting in persistent arbitrary change of operating code and data." There are more than 100 models that are weak. To put it another way, the flaws arise from the absence of asymmetri...