Siemens Fixes a Major PLC Vulnerability that Bypasses its Sandbox Protection

78
Siemens Fixes a Major PLC Vulnerability that Bypasses its Sandbox Protection

ICS security provider Claroty, released data on a major vulnerability they discovered in Siemens SIMATIC S7-1200 and S7-1500 PLCs that might allow an attacker to obtain remote access to the popular programmable logic controllers’ secured memory sectors.

Siemens has released firmware updates for both PLC models to address the memory-protection bypass flaw -CVE-2020-15782 – which has a CVSS 8.1 severity rating, and the company plans to release more updated mitigations for products where updates are not yet available.

According to Siemens, “A remote unauthenticated attacker with network access to port 102/tcp might potentially write arbitrary data and code to protected memory areas or read sensitive data to launch multiple further attacks.”

To Read More: darkreading 

For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.