Security researchers have disclosed multiple architectural vulnerabilities in Siemens SIMATIC and SIPLUS S7-1500 programmable logic controllers (PLCs) that could be exploited by a malicious actor to stealthily install firmware on affected devices and take control of them.
Discovered by Red Balloon Security, the issues are tracked as CVE-2022-38773 (CVSS score: 4.6), with the low severity stemming from the prerequisite that exploitation requires physical tampering of the device.
The flaws “could allow attackers to bypass all protected boot features, resulting in persistent arbitrary modification of operating code and data,” the company said. More than 100 models are susceptible.
Put differently, the weaknesses are the result of a lack of asymmetric signature verifications for firmware at bootup, effectively permitting the attacker to load tainted bootloader and firmware in a manner that undermines integrity protections.