Red Balloon Security, a firm specializing in firmware security, has discovered a potentially severe vulnerability affecting a large number of Siemens’ programmable logic controllers (PLCs).
The vulnerability, identified as CVE-2022-38773, could be exploited to bypass protected boot features and permanently alter the controller’s operating code and data. Red Balloon Security attributes the problem to a number of architectural weaknesses affecting Siemens Simatic and Siplus S7-1500 CPUs.
“The early boot process of the Siemens custom System-on-Chip (SoC) does not establish an unbreakable Root of Trust (RoT),” Red Balloon explained in a blog post on Tuesday, adding that this includes the absence of asymmetric signature verification for all bootloader and firmware stages prior to execution.