Red Balloon finds multiple architectural vulnerabilities across Siemens SIMATIC, SIPLUS S7-1500 series PLC

New research from Red Balloon has identified multiple architectural vulnerabilities in the Siemens SIMATIC and SIPLUS S7-1500 series PLC (Programmable Logic Controller) that could allow attackers to bypass all protected boot features, resulting in persistent, arbitrary modification of operating code and data. Affecting around 120 Siemens products and solutions, the S7-1500 is a high-performance controller that is regarded as having the most comprehensive security protections among Siemens PLC products.

“The Siemens custom System-on-Chip (SoC) does not establish an indestructible Root of Trust (RoT) in the early boot process. This includes lack of asymmetric signature verifications for all stages of the bootloader and firmware before execution,” Red Balloon researchers wrote in their Tuesday blog post. “Failure to establish Root of Trust on the device allows attackers to load custom-modified bootloader and firmware. These modifications could allow attackers to execute and bypass tamper-proofing and integrity-checking features on the device,” they added.

The Red Balloon researchers said that the vulnerabilities exist because the Siemens custom SoC does not establish a tamper-proof Root of Trust in the early boot process. “The Siemens RoT is implemented through the integration of a dedicated cryptographic secure element — the ATECC CryptoAuthentication chip. However, this architecture contains flaws that can be leveraged to compromise the system. Failure to establish a RoT on the device allows attackers to load custom-modified bootloaders and firmware,” they added. 

The architectural vulnerabilities enable offline attackers to decrypt the encrypted firmware of Siemens S7-1500 series PLCs, and to generate arbitrary encrypted firmware that can be booted on more than 100 different CPU modules of the same series. Moreover, they enable attackers to persistently circumvent the integrity validation and security features of the ADONIS operating system and of the user space code that runs on top of it. The issue is tracked as CVE-2022-38773 and was assessed a CVSS v3 base score of 4.6.

The researchers noted that exploitation of the issue requires physical tampering with the product. Siemens recommends assessing the risk of physical access to the device in the target deployment and implementing measures to ensure that only trusted personnel have access to the physical hardware. Siemens has also released new hardware versions for several CPU types of the S7-1500 product family that contain a secure boot mechanism, and is working on updated hardware versions for the remaining PLC types.

Red Balloon’s research identified multiple, critical architectural vulnerabilities in the Siemens S7-1500 series, which allow for the bypass of all protected boot features. The discovery has potentially significant implications for industrial environments, as these unpatchable hardware root-of-trust vulnerabilities could result in persistent, arbitrary modification of S7-1500 operating code and data.

The researchers said that exploitation of these vulnerabilities could allow offline attackers to generate arbitrary encrypted firmware that is bootable on all Siemens S7-1500 series PLC CPU modules. “Furthermore, these vulnerabilities allow attackers to persistently bypass integrity validation and security features of the ADONIS operating system and subsequent user space code. Red Balloon has reported these vulnerabilities to Siemens, and Siemens has confirmed them,” they added.

According to Red Balloon, fundamental flaws in how a Root of Trust (RoT) is implemented on hardware devices with dedicated cryptographic processors cannot be addressed through patching or firmware updates, because the flaw lies in the hardware design itself and the deployed silicon cannot be changed in the field. “To limit the effects of potential exploitation of these vulnerabilities, Red Balloon has recommended several mitigations to Siemens which include: implement runtime integrity attestation; add asymmetric signature check for firmware at bootup scheme; and encrypt the firmware with device specific keys that are generated on individual devices,” the company added.

The researchers said that the ATECC CryptoAuthentication-based RoT hardware implementation is vulnerable and deployed across the Siemens S7-1500 series product line. “The firmware gets decrypted in memory and executed each time during bootup. The decryption keys are not built into the firmware itself. Instead, a physical secure element chip — the ATECC108 CryptoAuthentication coprocessor — is used to calculate a decryption seed based on the firmware metadata (header) and the master key inside the secure element. The decryption seed then derives the AES keys for different parts of the encrypted firmware,” they added. 

However, the post added, this ATECC CryptoAuthentication implementation contains flaws that can be leveraged to compromise the integrity of the system. The shared secret used to authenticate to the secure element resides in the device’s nonvolatile storage, which an attacker with physical access can read. With that secret, the attacker can authenticate to the CryptoAuthentication chip and use it as an oracle to generate the decryption seed, which in turn derives the Advanced Encryption Standard (AES) keys for the encrypted firmware. Investigation of the plaintext bootloader uncovered the firmware AES key derivation and decryption scheme.

The Red Balloon researchers stated that the attack flow enables an attacker to load a custom-modified bootloader and firmware onto vulnerable Siemens S7-1500 series PLCs. Because the ATECC secure element is the only anchor of the Root of Trust, abusing it lets modified firmware pass the device’s boot checks as if it were genuine. An attacker with physical access can attach to the I2C bus between the SoC and the ATECC chip, or desolder the ATECC chip from the PLC’s PCB, then authenticate to it with the recovered shared secret and use it as an oracle to generate firmware decryption material. The final step is to flash the modified firmware onto the device, either by reprogramming the NAND flash directly or by chaining the flaw with an existing remote code execution vulnerability.
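The following model, added here as an illustration and not code from Red Balloon or Siemens, shows why the scheme described in the three preceding paragraphs fails and why the per-device-key mitigation listed earlier helps. A secure element holds a master key and answers seed requests from anyone who presents a shared secret; the seed derives per-section keys that both encrypt the firmware and compute its integrity tag. The header layout, the key-derivation steps, the HMAC-based keystream standing in for AES, and all sample inputs are constructed for this example and are not the real S7-1500 format or the ATECC108 command set.

```python
"""Model of a firmware root of trust anchored only in a secure element that
derives decryption seeds from a master key. Added example; not Siemens or
Red Balloon code. Every structure here is a simplification for illustration."""
import hashlib
import hmac
import os


class SecureElement:
    """Stands in for the ATECC coprocessor: computes on a master key it never
    reveals, but only after the host presents a shared secret."""

    def __init__(self, master_key: bytes, shared_secret: bytes):
        self._master_key = master_key
        self._shared_secret = shared_secret

    def derive_seed(self, header: bytes, presented_secret: bytes) -> bytes:
        # The gate is a secret that, per the article, also sits in the PLC's
        # nonvolatile storage, so physical access defeats it.
        if not hmac.compare_digest(presented_secret, self._shared_secret):
            raise PermissionError("secure element refused: bad shared secret")
        return hmac.new(self._master_key, header, hashlib.sha256).digest()


def section_keys(seed: bytes) -> dict:
    # One key per firmware region plus a MAC key, all derived from the seed.
    return {n: hmac.new(seed, n.encode(), hashlib.sha256).digest()
            for n in ("bootloader", "kernel", "mac")}


def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Counter-mode keystream from HMAC-SHA256, a stand-in for AES so the
    # example runs on the standard library; XOR is its own inverse.
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, off.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)


def build_image(header: bytes, bl: bytes, kern: bytes, seed: bytes) -> dict:
    """Encrypts both regions and tags the plaintext; symmetric only, no signature."""
    k = section_keys(seed)
    tag = hmac.new(k["mac"], header + bl + kern, hashlib.sha256).digest()
    return {"header": header, "bootloader": keystream_xor(k["bootloader"], bl),
            "kernel": keystream_xor(k["kernel"], kern), "tag": tag}


class PLC:
    def __init__(self, se: SecureElement, shared_secret: bytes):
        self.se = se
        self.nand_shared_secret = shared_secret  # readable with physical access

    def boot(self, image: dict):
        """Returns the decrypted kernel if the tag verifies, else None."""
        k = section_keys(self.se.derive_seed(image["header"], self.nand_shared_secret))
        bl = keystream_xor(k["bootloader"], image["bootloader"])
        kern = keystream_xor(k["kernel"], image["kernel"])
        tag = hmac.new(k["mac"], image["header"] + bl + kern, hashlib.sha256).digest()
        return kern if hmac.compare_digest(tag, image["tag"]) else None


def attacker_reflash(victim: PLC, image: dict, implant: bytes) -> dict:
    """Offline flow from the article: read the shared secret from NAND, use the
    secure element as a seed oracle, decrypt, modify, re-encrypt and re-tag."""
    seed = victim.se.derive_seed(image["header"], victim.nand_shared_secret)
    k = section_keys(seed)
    bl = keystream_xor(k["bootloader"], image["bootloader"])
    kern = keystream_xor(k["kernel"], image["kernel"]) + implant
    return build_image(image["header"], bl, kern, seed)


HEADER = b"S7-1500 fw v2.9.2"  # constructed sample header


def demo_fleet_key():
    """Fleet-wide master key: one oracle abuse yields an image every device boots."""
    master, secret = os.urandom(32), os.urandom(32)
    plc_a = PLC(SecureElement(master, secret), secret)
    plc_b = PLC(SecureElement(master, secret), secret)
    genuine = build_image(HEADER, b"BOOTLOADER", b"ADONIS kernel",
                          plc_a.se.derive_seed(HEADER, secret))
    forged = attacker_reflash(plc_a, genuine, b" +implant")
    return plc_a.boot(forged), plc_b.boot(forged)


def demo_device_key():
    """Per-device master keys (Red Balloon's mitigation): the forged image only
    boots on the device whose secure element served as the oracle."""
    secret = os.urandom(32)
    plc_a = PLC(SecureElement(os.urandom(32), secret), secret)
    plc_b = PLC(SecureElement(os.urandom(32), secret), secret)
    genuine_a = build_image(HEADER, b"BOOTLOADER", b"ADONIS kernel",
                            plc_a.se.derive_seed(HEADER, secret))
    forged = attacker_reflash(plc_a, genuine_a, b" +implant")
    return plc_a.boot(forged), plc_b.boot(forged)


if __name__ == "__main__":
    print("fleet key :", demo_fleet_key())
    print("device key:", demo_device_key())
```

The attacker never learns the master key; the secure element does the work on request, which is what "oracle" means here. Per-device keys limit a forged image to the one unit that was physically attacked, but they do not stop that unit from being modified; an asymmetric signature check of the image before the decryption step is what would reject it, and the example deliberately omits one to mirror the architecture the researchers describe.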

In its advisory, Siemens thanked Yuanzhe Wu and Ang Cui from Red Balloon Security for their coordinated disclosure. Siemens has released new hardware versions of several S7-1500 CPU types that contain a secure boot mechanism resolving the vulnerability, and is working on new hardware versions for the remaining PLC types.

In October, the Team82 research arm of industrial cybersecurity company Claroty detailed a new method to extract heavily guarded, hardcoded, global private cryptographic keys embedded within the Siemens SIMATIC S7-1200/1500 PLC and TIA Portal product lines. By extracting the PLC’s hardcoded private key, the researchers were able to demonstrate multiple attack scenarios, including decrypting all communication between S7 PLCs and an engineering workstation (EWS), decrypting the configured password hash on the PLC, which could be used to gain full access to the PLC, and conducting man-in-the-middle attacks.
