Unpatched Hardware Vulnerability Allows Siemens PLC Hacking


Red Balloon Security, a firm specializing in firmware security, has discovered a potentially severe vulnerability affecting a large number of Siemens’ programmable logic controllers (PLCs).

Bypassing safeguarded boot features and permanently altering the controller’s operating code and data, the vulnerability, identified as CVE-2022-38773, could be exploited. Red Balloon Security attributes the problem to a number of architectural problems affecting Siemens Simatic and Siplus S7-1500 CPUs.

Also Read: Schneider Electric, Siemens Inform Customers About Multiple Vulnerabilities

“The early boot process of the Siemens custom System-on-Chip (SoC) does not establish an unbreakable Root of Trust (RoT). In a blog post on Tuesday, Red Balloon explained that this included the absence of asymmetric signature verifications for all bootloader and firmware stages prior to execution.

Read More: Unpatchable Hardware Vulnerability Allows Hacking of Siemens PLCs

For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.