Siemens Simatic S7-1500 PLC Found to Be Vulnerable to DoS Attacks

  • Positive Technologies SCADA security researchers discovered two “high” severity vulnerabilities in Siemens Simatic S7-1500 PLC.
  • Siemens released a firmware update to address them, but older units will have to follow a different approach.
  • Both vulnerabilities can potentially lead to a DoS condition by sending specially crafted packs through two ports.

Siemens has published the results of a security audit conducted by Positive Technologies on their Simatic S7-1500 PLC solution, with the most critical findings being two severe vulnerabilities (CVE-2018-16558 and CVE-2018-16559) that could be exploited in DoS (Denial of Service) attack scenarios. Considering the crucial role that PLCs (programmable logic controllers) play in industrial environments, a disruption in their operation could be translated to enormous financial losses. Siemens has already released the firmware update to address the findings, and everyone is recommended to update to version 2.5 or later. Those who own earlier units that can’t upgrade to the most recent version due to hardware limitations are advised to protect the specific TCP ports that were leveraged during the audit.

More specifically, and as Paolo Emiliani, the SCADA Research Analyst of Positive Technologies puts it: “With these vulnerabilities, an unauthenticated attacker could perform denial of service against a PLC and severely impact industrial processes. This is possible by sending a specially crafted network packet to TCP ports 80 or 443 of vulnerable CPUs. To restore PLC functioning, owners must manually switch the device to a normal operating mode. Crucially, successful exploitation does not require system privileges or user interaction which makes the overall risk and exposure higher.”

Both vulnerabilities that can lead to the DoS condition want attackers to use ports 80/tcp or 443/tcp to send specially crafted network packets. No administration privileges or other user interaction is required for the achievement of the compromise, but as Siemens clarifies for both, there have been no known cases of anyone taking advantage of the particular security holes. The CVSS (Common Vulnerability Scoring System) v3.0 score that both received was 7.5, meaning that the severity of the vulnerabilities was classified as “high.”

Siemens is advising users of the Simatic S7-1500 PLC to update its firmware if possible, protect network access to the aforementioned ports, apply cell protection, and also to apply defense-in-depth (incorporate multiple layers of security controls). Siemens is one of the market leaders in the field of PLC solutions, and they are taking security seriously, especially after its reputation was lashed with the Stuxnet worm that afflicted the company’s systems in many countries around the globe.

Do you have any comments on the above? Let us know of your thoughts in the section underneath, and don’t hesitate to hop to our socials on Facebook and Twitter so you can check out what else is on in the tech world today.



Banking Trojan Targets 100 Organizations in Brazil

A banking trojan from Latin America was found targeting almost 100 Brazilian organizations and individuals.The malware was first noticed in late August...

The Number of Phishing Emails Impersonating Craigslist Is Growing

Craigslist Gsuite & Microsoft users are being targeted with phishing emails that present a fake user login page.These emails rely on brand...

Best Buy, Home Depot, and Lowes Drop Surveillance Companies Linked With Uyghur Oppression

Best Buy, Home Depot, and Lowes have decided to pull off the shelves all the security cameras from Lorex and Ezviz.The US...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari