Broken Trust: Unpatchable Siemens PLC Vulnerability Disclosed
Trust. It’s a critical aspect of security—being able to trust that the processes in place are working appropriately and will alert users if they are compromised.
In hardware, the root of trust is the foundation for all secure operations in a computing system. It is intended to be secure by design because it is the base on which all specific, critical security functions are built, according to the National Institute of Standards and Technology (NIST).
A vulnerability disclosure this week, however, broke that trust for Siemens S7-1500 programmable logic controllers (PLCs). The affected models do not have “immutable root of trust in hardware,” which means the integrity of code executed on the device can not be validated during load-time.
“An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code,” the disclosure explained.
Researchers at Red Balloon Security discovered the vulnerability and reported it to Siemens approximately one year ago before disclosing it to the public earlier this week.
What is unique about this vulnerability is that it is “in the heart of the way the system boots up; it allows the attacker to get in as deep as possible,” explains Ang Cui, CEO of Red Balloon Security, who reported the vulnerability to Siemens with Yuanzhe Wu. “And not only is there not a fix today, there’s not a fix until all the S7-1500s are retired. This is a forever day that will be around for 12 to 15 years.”
What is the S7-1500 PLC?
Programmable logic controllers are small computers that receive data (called an input) and send operating instructions (called an output).
“A PLC takes in inputs, whether from automated data capture points or from human input points such as switches or buttons,” Polycase reports. “Based on its programming, the PLC then decides whether or not to change the output. A PLC’s outputs can control a huge variety of equipment, including motors, solenoid valves, lights, switchgear, safety shut-offs, and many others.”
The Siemens SIMATIC S7-1500 line was designed for continuous control in industrial environments, including manufacturing, food and beverages, and chemical industries around the world. The company’s SIPLUS line was designed to operate under extreme conditions and uses the same firmware product that it is based on.
Siemens declined to disclose an estimate of how many of the SIMATIC and SIPLUS S7-1500s are in use today, but researchers estimate it to be in the thousands.
What is the Vulnerability?
Red Balloon researchers discovered that defects in more than 100 products in the Siemens S7-1500 series allow its protected boot features to be bypassed.
“The vulnerabilities exist because the Siemens custom System-on-Chip (SoC) does not establish a tamper proof Root of Trust (RoT) in the early boot process,” according to Red Balloon’s research. “The Siemens RoT is implemented through the integration of a dedicated cryptographic secure element—the ATECC CryptoAuthentication chip. However, this architecture contains flaws that can be leveraged to compromise the system. Failure to establish a RoT on the device allows attackers to load custom-modified bootloaders and firmware.”
Because this is a hardware issue, it cannot be fixed with a software patch. This means that as long as the affected models are in use, they are vulnerable to this exploit.
“Exploitation of these vulnerabilities could allow offline attackers to generate arbitrary encrypted firmware that are bootable on all Siemens S7-1500 series PLC CPU modules,” according to Red Balloon’s research. “Furthermore, these vulnerabilities allow attackers to persistently bypass integrity validation and security features of the ADONIS operating system and subsequent user space code.”
Cui compares the ability to exploit the vulnerability to “God mode,” adding that attackers could use this vulnerability to write code to change how the operating system works, potentially inserting persistent malware or ransomware.
Looking at the vulnerability in a vacuum, it is only exploitable by having physical access to devices. But there is the possibility that the vulnerability could be combined with another vulnerability to enable remote exploitation, Cui says.
“The worst possible thing would be a smart person comes along, exploits [multiple S7-1500s] at the same time, and holds the world to ransom,” Cui adds. “That’s never happened before, but just because it hasn’t happened doesn’t mean it won’t.”
What Should Security Practitioners Do?
One of the issues is that S7-1500s are often used for several years before end users replace them. This means that vulnerable products could continue to be in use for 12 to 15 years, depending on where they are in their service life, Cui says.
Because of this, the researchers recommended several mitigation measures to Siemens: implementing runtime integrity attestation; adding asymmetric signature checks for firmware at the bootup scheme; and encrypting the firmware with device specific keys that are generated on individual devices. Red Balloon has also developed a tool—which is free for now—to allow owners and operators of Siemens S7-1500s to scan their devices to see if they have been compromised by this exploit.
“We haven’t thought about how to distribute it or whether it should be a product,” Cui says. “We’re trying to figure out how and where to put this, to actually do as much good as we can.”
Siemens has released new hardware versions for several CPU types of the S7-1500 product family and is working on new hardware versions for remaining PLC types to address the vulnerability completely, says Bernhard Wardin, communications manager for technology and innovation at Siemens. Wardin declined to answer what the timeline for the introduction of new hardware would be, however, or if it would be provided to researchers to ensure the vulnerability was fully addressed.
“In general, we at Siemens recommend to implement the defense-in-depth approach for plant operators and to configure the environment according to Siemens’ operational guidelines for industrial security,” Wardin adds.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) included the vulnerability in a list of 12 industrial control systems advisories issued Thursday.
CISA reported that there is no known public exploit of this vulnerability so far, but the agency did recommend security practitioners take defensive measures to minimize their risk of future exploitation. These measures include ensuring the “least-privilege user principle is followed,” performing proper impact analysis and risk assessments before deploying defensive measures, and reviewing CISA’s recommended practices for control systems security.
“Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents,” according to the advisory.
Tom Winston, director of intelligence content at Dragos, which specializes in industrial cybersecurity, says his company assesses with moderate confidence that while this vulnerability is important to disclose, it is not a one-to-one comparison to Stuxnet or easy to exploit.
“Since exploitation requires chaining off other as-of-yet-unknown vulnerabilities for remote exploitation, or physical access to the device, Dragos recommends best practices regarding multi-factor authentication schema for any remote access into the OT environment,” he adds. “Developing an exploit at the level of Stuxnet is not merely developing an exploit on one type of controller. Instead, it’s developing exploits for a system of systems that the adversary may not well understand.”
Security practitioners can still take steps to protect their systems from exploitation by reviewing their role-based access control to the physical IT and OT spaces, as well as auditing physical security access devices throughout the IT and OT environments, Winston says.