The Hacker News - Cybersecurity News and Analysis: Siemens

A New Bug in Siemens PLCs Could Let Hackers Run Malicious Code Remotely

May 31, 2021 | Ravie Lakshmanan
Siemens on Friday shipped firmware updates to address a severe vulnerability in SIMATIC S7-1200 and S7-1500 programmable logic controllers (PLCs) that could be exploited by a malicious actor to remotely gain access to protected areas of the memory and achieve unrestricted and undetected code execution, in what the researchers describe as an attacker's "holy grail." The memory protection bypass vulnerability, tracked as CVE-2020-15782 (CVSS score: 8.1), was discovered by operational technology security company Claroty by reverse-engineering the MC7 / MC7+ bytecode language used to execute PLC programs in the microprocessor. There's no evidence that the weakness was abused in the wild. In an advisory issued by Siemens, the German industrial automation firm said an unauthenticated, remote attacker with network access to TCP port 102 could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks. "Ach
Siemens Contractor Pleads Guilty to Planting 'Logic Bomb' in Spreadsheets

July 24, 2019 | Wang Wei
A former Siemens contractor pleaded guilty in federal court Friday to secretly planting code in automated spreadsheets he had created for the company over a decade ago that deliberately crashes the program every few years. David Tinley, a 62-year-old resident of Harrison City, Pennsylvania, was hired by Siemens as a contract employee for its Monroeville, Pennsylvania location in 2002 to create custom automated spreadsheets for various Siemens projects related to the power generation industry. However, according to the United States Justice Department (DoJ), Tinley intentionally and without the company's knowledge or authorization inserted "logic bombs" into computer programs that caused glitches in the spreadsheet after the expiration of a certain date. A logic bomb is a piece of computer code intentionally inserted into software or a system to carry out specific operations, such as a crash or malfunction, after certain conditions are met, or an amount of time has expire