A vulnerability in Siemens Simatic programmable logic controller (PLC) can be exploited to retrieve the hard-coded, global private cryptographic keys and seize control of the devices.
“An attacker can use these keys to perform multiple advanced attacks against Siemens SIMATIC devices and the related TIA Portal, while bypassing all four of its access level protections,” industrial cybersecurity company Claroty said in a new report.
“A malicious actor could use this secret information to compromise the entire SIMATIC S7-1200/1500 product line in an irreparable way.”
The critical vulnerability, assigned the identifier CVE-2022-38465, is rated 9.3 on the CVSS scoring scale and has been addressed by Siemens as part of security updates issued on October 11, 2022.
images from Hacker News