Exploitation of the vulnerability, tracked as CVE-2022-38773, could allow an attacker to bypass protected boot features and persistently modify the controller’s operating code and data. The cause, according to Red Balloon Security, is a series of architectural issues affecting Siemens Simatic and Siplus S7-1500 CPUs.
“The Siemens custom System-on-Chip (SoC) does not establish an indestructible Root of Trust (RoT) in the early boot process. This includes lack of asymmetric signature verifications for all stages of the bootloader and firmware before execution,” Red Balloon explained in a blog post on Tuesday.
