SecurityWeek reports that threat actors could exploit a critical security vulnerability in Siemens programmable logic controllers involving the acquisition of global private keys that could then be leveraged for PLC hacking.
The flaw, tracked as CVE-2022-38465, has been identified by Claroty researchers who were able to secure a private key following exploitation of another bug, tracked as CVE-2020-15872, to obtain direct memory access, as well as enable total PLC control and man-in-the-middle attack capabilities. Such findings have been confirmed by Siemens, which noted that the new vulnerability has stemmed from inadequate cryptographic key protections that could prompt attacks against the whole product line with the same private key. "Siemens is not aware of related cybersecurity incidents but considers the likelihood of malicious actors misusing the global private key as increasing," said Siemens, which has already announced fixes for the flaw. While unique passwords and TLS 1.3 communications protections have been implemented by Siemens, the company noted that applying firmware updates alone is insufficient. "In addition, the hardware configuration in the TIA Portal project (V17 or later) must also be updated to the corresponding CPU version and downloaded to the PLC," the company added.
