Industrial operations with equipment running Siemens network-connected S7-1500 series programmable logic controllers (PLCs) are being warned to physically isolate the devices after the discovery of serious vulnerabilities.
According to researchers at Red Balloon Security, multiple architectural vulnerabilities exist in the Siemens SIMATIC and SIPLUS S7-1500 series PLCs that could allow attackers to bypass all protected boot features, resulting in persistent arbitrary modification of operating code and data.
The fundamental vulnerabilities — improper hardware implementations of the Root of Trust (RoT) using a dedicated cryptographic processor — are unpatchable and cannot be fixed by a firmware update, since the hardware is physically unmodifiable, say the researchers.
The Siemens custom system-on-chip (SoC) doesn’t establish an indestructible RoT in the early boot process, researchers say in a report this week. This includes the lack of asymmetric signature verification for all stages of the bootloader and firmware before execution. Failure to establish a Root of Trust on the device allows attackers to load a custom-modified bootloader and firmware. These modifications could allow attackers to execute arbitrary code and bypass the tamper-proofing and integrity-checking features on the device.
“Architectural vulnerabilities allow offline attackers not only to decrypt S7-1500 series PLC encrypted firmware, but also to generate arbitrary encrypted firmware that are bootable on more than 100 different Siemens S7-1500 series PLC CPU modules,” say the researchers. “Furthermore, these vulnerabilities allow attackers to persistently bypass integrity validation and security features of the ADONIS operating system and subsequent user space code.”
In an advisory, Siemens says an attacker would need physical access to the device to replace the boot image of the device and execute arbitrary code.
Because exploiting this vulnerability requires physical tampering with the product, Siemens recommends customers assess the risk of physical access to the device(s) and implement measures — such as placing the devices in locked control cabinets — to make sure that only trusted personnel have access to them.
Red Balloon also recommends IT pros implement runtime integrity attestation; add an asymmetric signature check of the firmware to the boot scheme; and encrypt the firmware with device-specific keys that are generated on the individual devices.
The vulnerability has been assigned CVE-2022-38773 and assessed a CVSS v3 score of 4.6.
According to Siemens, SIMATIC S7-1500 CPU products are designed for discrete and continuous control in industrial environments such as manufacturing, food and beverages, and chemical industries.
The manufacturer has released new hardware versions for several CPU types of the S7-1500 product family in which this vulnerability is fixed, and is working on new hardware versions for remaining PLC types to address this vulnerability completely.
An attack scenario would look like this, says Red Balloon: An attacker with physical access to the device could either attach to the I2C communication bus or extract the physical ATECC chip from the PLC’s PCB to falsely authenticate and use it as an oracle to generate firmware decryption material. The Siemens ADONIS RTOS firmware and bootloader integrity check is located in the firmware itself (the chain of trust), so it can be easily bypassed by the attacker’s tampered firmware.
The last step would be flashing the modified firmware onto the device, either by reprogramming the NAND flash or by chaining the attack with an existing remote code execution vulnerability. By flashing malicious firmware onto a target device, either physically or by exploiting an existing remote code execution vulnerability, attackers could persistently gain arbitrary code execution and potentially circumvent any official security and firmware updates, without the user’s knowledge.
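To make the architectural point concrete, here is an added Python model (not Siemens or Red Balloon code) contrasting a boot flow whose integrity check lives inside the mutable firmware image, as described above, with the ROM-anchored asymmetric signature check Red Balloon recommends. The RSA parameters, stage images and check functions are all constructed toy stand-ins.

```python
import hashlib

# Constructed toy RSA key (p=61, q=53); a stand-in for a real scheme such as
# RSA-3072 or ECDSA, NOT secure. (N, E) is the public key baked into immutable ROM;
# D is the vendor's private signing key and never lives on the device.
N, E = 3233, 17
D = 2753

def _digest(blob: bytes) -> int:
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % N

def vendor_sign(blob: bytes) -> int:
    """Signing happens off-device with the vendor's private key."""
    return pow(_digest(blob), D, N)

def rom_verify(blob: bytes, sig: int) -> bool:
    """Check anchored in ROM: needs only the baked-in public key, so a tampered
    image cannot alter or remove it."""
    return pow(sig, E, N) == _digest(blob)

def anchored_boot(bootloader, bl_sig, firmware, fw_sig) -> str:
    """Every stage is verified with the ROM key BEFORE it executes."""
    if not rom_verify(bootloader, bl_sig):
        return "halt: bootloader signature invalid"
    if not rom_verify(firmware, fw_sig):
        return "halt: firmware signature invalid"
    return "booted: " + firmware.decode()

def self_checking_boot(bootloader, firmware, fw_check) -> str:
    """Flawed design: no signature check anchored below the firmware; the
    integrity check is code shipped inside the image, so whoever replaces the
    image also decides what the check does."""
    if not fw_check(firmware):
        return "halt: firmware failed self-check"
    return "booted: " + firmware.decode()

# Constructed sample images and their vendor signatures.
GENUINE_BL = b"bootloader v1"
GENUINE_FW = b"ADONIS firmware v2"
BL_SIG, FW_SIG = vendor_sign(GENUINE_BL), vendor_sign(GENUINE_FW)
TAMPERED_FW = b"ADONIS firmware v2 + modified code"

def demo() -> dict:
    genuine_check = lambda fw: _digest(fw) == _digest(GENUINE_FW)  # check in image
    stripped_check = lambda fw: True                                 # check replaced
    return {
        "self_check_genuine": self_checking_boot(GENUINE_BL, GENUINE_FW, genuine_check),
        "self_check_tampered": self_checking_boot(GENUINE_BL, TAMPERED_FW, stripped_check),
        "anchored_genuine": anchored_boot(GENUINE_BL, BL_SIG, GENUINE_FW, FW_SIG),
        "anchored_tampered": anchored_boot(GENUINE_BL, BL_SIG, TAMPERED_FW, FW_SIG),
    }
```

In the flawed flow the tampered image boots because its own check was replaced along with it; in the anchored flow the old signature no longer matches the modified image and ROM halts before any firmware code runs.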