![]() ![]() ![]() Previously, they would have needed physical access and connections to the PLC, or techniques that target engineering workstations and other links to the PLC to achieve this level of code execution. These systems have numerous in-memory protections that any attacker would have to overcome not only to run code, but also to remain undetected. Claroty says it is not aware of any public exploitation of the vulnerability.Īccording to cyber-researchers, achieving native code execution on an industrial control system such as a PLC is an aim few attackers have achieved. To eliminate the vulnerability, Siemens has updated the firmware for both PLCs, and has issued an advisory notice (SSA-434534) informing its customers about the details. The researchers at Claroty describe such unrestricted and undetected code execution as the “holy grail” for cyber-attackers, allowing them to hide code deep inside the PLC undetected by the operating system, or any diagnostic software. Cyber-researchers have found a vulnerability in Siemens’ Simatic S7-1200 and S7-1500 PLCs that could give attackers read and write access anywhere on the PLC, allowing them to execute malicious code remotely. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |