#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Siemens | Breaking Cybersecurity News | The Hacker News

Over 100 Siemens PLC Models Found Vulnerable to Firmware Takeover

Over 100 Siemens PLC Models Found Vulnerable to Firmware Takeover

Jan 12, 2023 Firmware and Hardware Security
Security researchers have disclosed multiple architectural vulnerabilities in Siemens SIMATIC and SIPLUS S7-1500 programmable logic controllers (PLCs) that could be exploited by a malicious actor to stealthily install firmware on affected devices and take control of them. Discovered by Red Balloon Security , the issues are tracked as  CVE-2022-38773  (CVSS score: 4.6), with the low severity stemming from the prerequisite that exploitation requires physical tampering of the device. The flaws "could allow attackers to bypass all protected boot features, resulting in persistent arbitrary modification of operating code and data," the company  said . More than 100 models are susceptible. Put differently, the weaknesses are the result of a lack of asymmetric signature verifications for firmware at bootup, effectively permitting the attacker to load tainted bootloader and firmware in a manner that undermines integrity protections. A more severe consequence of loading such modi
CISA Warns of Critical Flaws Affecting Industrial Appliances from Advantech and Hitachi

CISA Warns of Critical Flaws Affecting Industrial Appliances from Advantech and Hitachi

Oct 19, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released two Industrial Control Systems (ICS)  advisories  pertaining to severe flaws in Advantech R-SeeNet and Hitachi Energy APM Edge appliances. This consists of three weaknesses in the R-SeeNet monitoring solution, successful exploitation of which "could result in an unauthorized attacker remotely deleting files on the system or allowing remote code execution." The list of issues, which affect R-SeeNet Versions 2.4.17 and prior, is as follows - CVE-2022-3385 and CVE-2022-3386  (CVSS scores: 9.8) - Two stack-based buffer overflow flaws that could lead to remote code execution CVE-2022-3387  (CVSS score: 6.5) - A path traversal flaw that could enable a remote attacker to delete arbitrary PDF files Patches have been made available in version  R-SeeNet version 2.4.21  released on September 30, 2022. Also published by CISA is an update to a December 2021 advisory about multiple flaws in Hitac
Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know

Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know

Feb 13, 2024SaaS Security / Data Breach
The Midnight Blizzard and Cloudflare-Atlassian cybersecurity incidents raised alarms about the vulnerabilities inherent in major SaaS platforms. These incidents illustrate the stakes involved in SaaS breaches — safeguarding the integrity of SaaS apps and their sensitive data is critical but is not easy. Common threat vectors such as sophisticated spear-phishing, misconfigurations and vulnerabilities in third-party app integrations demonstrate the complex security challenges facing IT systems. In the case of Midnight Blizzard, password spraying against a test environment was the initial attack vector. For Cloudflare-Atlassian, threat actors initiated the attack via compromised  OAuth tokens  from a prior breach at Okta, a SaaS identity security provider.  What Exactly Happened? Microsoft Midnight Blizzard Breach Microsoft was targeted by the Russian "Midnight Blizzard" hackers (also known as Nobelium, APT29, or Cozy Bear) who are linked to the SVR, the Kremlin's forei
Critical Bug in Siemens SIMATIC PLCs Could Let Attackers Steal Cryptographic Keys

Critical Bug in Siemens SIMATIC PLCs Could Let Attackers Steal Cryptographic Keys

Oct 12, 2022
A vulnerability in Siemens Simatic programmable logic controller (PLC) can be exploited to retrieve the hard-coded, global private cryptographic keys and seize control of the devices. "An attacker can use these keys to perform multiple advanced attacks against Siemens SIMATIC devices and the related  TIA Portal , while bypassing all four of its  access level protections ," industrial cybersecurity company Claroty  said  in a new report. "A malicious actor could use this secret information to compromise the entire SIMATIC S7-1200/1500 product line in an irreparable way." The critical vulnerability, assigned the identifier  CVE-2022-38465 , is rated 9.3 on the CVSS scoring scale and has been addressed by Siemens as part of security updates issued on October 11, 2022. The list of impacted products and versions is below - SIMATIC Drive Controller family (all versions before 2.9.2) SIMATIC ET 200SP Open Controller CPU 1515SP PC2, including SIPLUS variants (all
cyber security

The Critical State of AI in the Cloud

websiteWiz.ioArtificial Intelligence / Cloud Security
Wiz Research reveals the explosive growth of AI adoption and what 150,000+ cloud accounts revealed about the AI surge.
Over a Dozen Flaws Found in Siemens' Industrial Network Management System

Over a Dozen Flaws Found in Siemens' Industrial Network Management System

Jun 18, 2022
Cybersecurity researchers have disclosed details about 15 security flaws in Siemens SINEC network management system (NMS), some of which could be chained by an attacker to achieve remote code execution on affected systems. "The vulnerabilities, if exploited, pose a number of risks to Siemens devices on the network including denial-of-service attacks, credential leaks, and remote code execution in certain circumstances," industrial security company Claroty  said  in a new report. The shortcomings in question — tracked from CVE-2021-33722 through CVE-2021-33736 — were addressed by Siemens in version V1.0 SP2 Update 1 as part of patches shipped on October 12, 2021. "The most severe could allow an authenticated remote attacker to execute arbitrary code on the system, with system privileges, under certain conditions," Siemens  noted  in an advisory at the time. Chief among the weaknesses is CVE-2021-33723 (CVSS score: 8.8), which allows for privilege escalation to
13 New Flaws in Siemens Nucleus TCP/IP Stack Impact Safety-Critical Equipment

13 New Flaws in Siemens Nucleus TCP/IP Stack Impact Safety-Critical Equipment

Nov 10, 2021
As many as 13 security vulnerabilities have been discovered in the Nucleus TCP/IP stack, a software library now maintained by Siemens and used in three billion operational technology and IoT devices that could allow for remote code execution, denial-of-service (DoS), and information leak. Collectively called " NUCLEUS:13 ," successful attacks abusing the flaws can "result in devices going offline and having their logic hijacked," and "spread[ing] malware to wherever they communicate on the network," researchers from Forescout and Medigate said in a technical report published Tuesday, with one proof-of-concept (PoC) successfully  demonstrating  a scenario that could potentially disrupt medical care and critical processes. Siemens has since released  security updates  to remediate the weaknesses in Nucleus ReadyStart versions 3 (v2017.02.4 or later) and 4 (v4.1.1 or later). Primarily deployed in automotive, industrial, and medical applications, Nucleus
A New Bug in Siemens PLCs Could Let Hackers Run Malicious Code Remotely

A New Bug in Siemens PLCs Could Let Hackers Run Malicious Code Remotely

May 31, 2021
Siemens on Friday shipped firmware updates to address a severe vulnerability in SIMATIC S7-1200 and S7-1500 programmable logic controllers (PLCs) that could be exploited by a malicious actor to remotely gain access to protected areas of the memory and achieve unrestricted and undetected code execution, in what the researchers describe as an attacker's "holy grail." The memory protection bypass vulnerability, tracked as CVE-2020-15782 (CVSS score: 8.1), was discovered by operational technology security company Claroty by reverse-engineering the MC7 / MC7+ bytecode language used to execute PLC programs in the microprocessor. There's no evidence that the weakness was abused in the wild. In an  advisory  issued by Siemens, the German industrial automation firm said an unauthenticated, remote attacker with network access to TCP port 102 could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks. "Ach
Siemens Contractor Pleads Guilty to Planting 'Logic Bomb' in Spreadsheets

Siemens Contractor Pleads Guilty to Planting 'Logic Bomb' in Spreadsheets

Jul 24, 2019
A former Siemens contractor has pledged guilty in federal court Friday to secretly planting code in automated spreadsheets he had created for the company over a decade ago that deliberately crashes the program every few years. David Tinley, a 62-year-old resident of Harrison City, Pennsylvania, was hired by Siemens as a contract employee for Monroeville, Pennsylvania location, in 2002 to create custom automated spreadsheets for various Siemens projects related to the power generation industry. However, according to the United States Justice Department ( DoJ ), Tinley intentionally and without the company's knowledge or authorization inserted "logic bombs" into computer programs that caused glitches in the spreadsheet after the expiration of a certain date. Logic Bomb is a piece of computer code intentionally inserted into software or system to carry out specific operations like crash or malfunction after certain conditions are met, or an amount of time has expire
Cybersecurity Resources