Siemens | Breaking Cybersecurity News | The Hacker News

Security researchers have disclosed multiple architectural vulnerabilities in Siemens SIMATIC and SIPLUS S7-1500 programmable logic controllers (PLCs) that could be exploited by a malicious actor to stealthily install firmware on affected devices and take control of them. Discovered by Red Balloon Security , the issues are tracked as  CVE-2022-38773  (CVSS score: 4.6), with the low severity stemming from the prerequisite that exploitation requires physical tampering of the device. The flaws "could allow attackers to bypass all protected boot features, resulting in persistent arbitrary modification of operating code and data," the company  said . More than 100 models are susceptible. Put differently, the weaknesses are the result of a lack of asymmetric signature verifications for firmware at bootup, effectively permitting the attacker to load tainted bootloader and firmware in a manner that undermines integrity protections. A more severe consequence of loading such ...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released two Industrial Control Systems (ICS)  advisories  pertaining to severe flaws in Advantech R-SeeNet and Hitachi Energy APM Edge appliances. This consists of three weaknesses in the R-SeeNet monitoring solution, successful exploitation of which "could result in an unauthorized attacker remotely deleting files on the system or allowing remote code execution." The list of issues, which affect R-SeeNet Versions 2.4.17 and prior, is as follows - CVE-2022-3385 and CVE-2022-3386  (CVSS scores: 9.8) - Two stack-based buffer overflow flaws that could lead to remote code execution CVE-2022-3387  (CVSS score: 6.5) - A path traversal flaw that could enable a remote attacker to delete arbitrary PDF files Patches have been made available in version  R-SeeNet version 2.4.21  released on September 30, 2022. Also published by CISA is an update to a December 2021 advisory about mult...

A vulnerability in Siemens Simatic programmable logic controller (PLC) can be exploited to retrieve the hard-coded, global private cryptographic keys and seize control of the devices. "An attacker can use these keys to perform multiple advanced attacks against Siemens SIMATIC devices and the related  TIA Portal , while bypassing all four of its  access level protections ," industrial cybersecurity company Claroty  said  in a new report. "A malicious actor could use this secret information to compromise the entire SIMATIC S7-1200/1500 product line in an irreparable way." The critical vulnerability, assigned the identifier  CVE-2022-38465 , is rated 9.3 on the CVSS scoring scale and has been addressed by Siemens as part of security updates issued on October 11, 2022. The list of impacted products and versions is below - SIMATIC Drive Controller family (all versions before 2.9.2) SIMATIC ET 200SP Open Controller CPU 1515SP PC2, including SIPLUS variants (...

Not every security vulnerability is high risk on its own - but in the hands of an advanced attacker, even small weaknesses can escalate into major breaches. These five real vulnerabilities, uncovered by Intruder's bug-hunting team, reveal how attackers turn overlooked flaws into serious security incidents. 1. Stealing AWS Credentials with a Redirect Server-Side Request Forgery (SSRF) is a common vulnerability that can have a significant impact, especially in cloud-hosted applications. If a web application fetches resources from user-supplied URLs, care should be taken to ensure attackers can't manipulate requests to access unintended resources. While assessing a home-moving app running in AWS, our team tested common SSRF bypass techniques. The attack chain was as follows: the app sent a webhook request to the attacker's web server, which responded with a 302 redirect to AWS's metadata service. The app followed the redirect and logged the response, which exposed sensitive metadat...

Cybersecurity researchers have disclosed details about 15 security flaws in Siemens SINEC network management system (NMS), some of which could be chained by an attacker to achieve remote code execution on affected systems. "The vulnerabilities, if exploited, pose a number of risks to Siemens devices on the network including denial-of-service attacks, credential leaks, and remote code execution in certain circumstances," industrial security company Claroty  said  in a new report. The shortcomings in question — tracked from CVE-2021-33722 through CVE-2021-33736 — were addressed by Siemens in version V1.0 SP2 Update 1 as part of patches shipped on October 12, 2021. "The most severe could allow an authenticated remote attacker to execute arbitrary code on the system, with system privileges, under certain conditions," Siemens  noted  in an advisory at the time. Chief among the weaknesses is CVE-2021-33723 (CVSS score: 8.8), which allows for privilege escalation to...

As many as 13 security vulnerabilities have been discovered in the Nucleus TCP/IP stack, a software library now maintained by Siemens and used in three billion operational technology and IoT devices that could allow for remote code execution, denial-of-service (DoS), and information leak. Collectively called " NUCLEUS:13 ," successful attacks abusing the flaws can "result in devices going offline and having their logic hijacked," and "spread[ing] malware to wherever they communicate on the network," researchers from Forescout and Medigate said in a technical report published Tuesday, with one proof-of-concept (PoC) successfully  demonstrating  a scenario that could potentially disrupt medical care and critical processes. Siemens has since released  security updates  to remediate the weaknesses in Nucleus ReadyStart versions 3 (v2017.02.4 or later) and 4 (v4.1.1 or later). Primarily deployed in automotive, industrial, and medical applications, Nucleus ...

Siemens on Friday shipped firmware updates to address a severe vulnerability in SIMATIC S7-1200 and S7-1500 programmable logic controllers (PLCs) that could be exploited by a malicious actor to remotely gain access to protected areas of the memory and achieve unrestricted and undetected code execution, in what the researchers describe as an attacker's "holy grail." The memory protection bypass vulnerability, tracked as CVE-2020-15782 (CVSS score: 8.1), was discovered by operational technology security company Claroty by reverse-engineering the MC7 / MC7+ bytecode language used to execute PLC programs in the microprocessor. There's no evidence that the weakness was abused in the wild. In an  advisory  issued by Siemens, the German industrial automation firm said an unauthenticated, remote attacker with network access to TCP port 102 could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks. "Ach...

A former Siemens contractor has pledged guilty in federal court Friday to secretly planting code in automated spreadsheets he had created for the company over a decade ago that deliberately crashes the program every few years. David Tinley, a 62-year-old resident of Harrison City, Pennsylvania, was hired by Siemens as a contract employee for Monroeville, Pennsylvania location, in 2002 to create custom automated spreadsheets for various Siemens projects related to the power generation industry. However, according to the United States Justice Department ( DoJ ), Tinley intentionally and without the company's knowledge or authorization inserted "logic bombs" into computer programs that caused glitches in the spreadsheet after the expiration of a certain date. Logic Bomb is a piece of computer code intentionally inserted into software or system to carry out specific operations like crash or malfunction after certain conditions are met, or an amount of time has expire...

Stuxnet is a sophisticated virus specifically designed to attack supervisory control and data acquisition (SCADA) systems manufactured by Siemens, a German industrial giant. These systems are commonly used to manage water supplies, power plants, and other industrial facilities, making the worm particularly dangerous for governments. Who Wrote This Program? Experts in cybersecurity speculate that Stuxnet may have been created by a government or a well-financed group of investors. The virus is too complex to be the work of a single hacker. Given that much of the damage occurred in Iran, many believe Stuxnet was designed to sabotage the country's nuclear facilities. Cyber-Attacks Getting More Sophisticated Even if Stuxnet wasn't targeting U.S. infrastructure, its creation marks a new wave of cyberattacks. These attacks, including viruses and malware, aim at infrastructure such as power-generating facilities. This shift means we must now worry about more sophisticated threats, no...