In a recent security advisory, Siemens has warned of a vulnerability in the SIMATIC S7-1200 and S7-1500 programmable logic controllers (PLCs) and pointed to available firmware and software updates for several products in which the PLCs are used. Prompt installation of the updates already available is strongly recommended; further updates are in preparation.
The vulnerable PLCs are used primarily for the automated control of industrial machinery and equipment. If access protection is deactivated, attackers could abuse the vulnerability, tracked as CVE-2020-15782 (CVSS score 8.1, "High"), remotely and without prior authentication via TCP port 102 to write to protected memory areas. According to the researchers at Claroty who discovered the flaw, execution of malicious code (remote code execution) is also possible.
No active attacks observed so far
"The discovered vulnerability makes it possible (…) to bypass the PLC sandbox in Siemens' PLC CPUs and thus run native code in protected memory areas," Claroty explained in a German-language press release. Under normal circumstances, unauthorized (and unnoticed) execution of native code on industrial control systems is a difficult task thanks to extensive in-memory protection mechanisms. Further technical details are provided in a detailed Claroty blog post on CVE-2020-15782.
Attacks in the wild have not been observed so far, which of course does not change the recommendation to update immediately. Information about the available updates and additional protective measures recommended by Siemens can be found in Security Advisory SSA-434534.