"More Than 120 Models of Siemens' S7-1500 PLCs Contain a Serious Vulnerability—and No Fix Is on the Way"

The computer worm Stuxnet crippled hundreds of centrifuges within Iran's Natanz uranium enrichment plant in 2009 by targeting the software running on the facility's industrial computers, known as Programmable Logic Controllers (PLCs). All of the exploited PLCs were models from Siemens' widespread and long-running SIMATIC S7 product line. More than a decade later, Siemens has recently discovered that an attacker could exploit a vulnerability in its S7-1500 series to install malicious firmware on the devices and take complete control of them. Researchers at embedded device security company Red Balloon Security uncovered the vulnerability after spending more than a year developing a technique to examine the S7-1500's firmware, which Siemens has encrypted for enhanced security since 2013. The vulnerability derives from a flaw in the implementation of the cryptography, but Siemens cannot correct it with a software patch since the scheme is physically burned onto a dedicated ATECC CryptoAuthentication chip. Therefore, Siemens has stated that there are no plans for a fix for the 122 S7-1500 PLC models that the company identifies as vulnerable. This article continues to discuss the vulnerability impacting over 120 models of Siemens' S7-1500 PLCs.

Wired reports "More Than 120 Models of Siemens' S7-1500 PLCs Contain a Serious Vulnerability—and No Fix Is on the Way"

Submitted by Anonymous on