The global private cryptographic keys are hard-coded into the Siemens Simatic programmable logic controller, which can be abused to get hold of the keys and take over the devices.
This top-secret information could be used by a hostile actor to permanently breach the SIMATIC S7-1200/1500 product line. Siemens has patched the significant vulnerability, which has the identifier CVE-2022-38465 and a CVSS score of 9.3, as part of security updates released on October 11, 2022. Read More…