← Back to home
SIEMENS-SSA-482757  ·  Published 2025-01-14  ·  View on Siemens ProductCERT ↗

SSA-482757 V1.5 (Last Update: 2025-01-14): Missing Immutable Root of Trust in S7-1500 CPU devices

CVSS N/A MEDIUM

Risk Summary

<p>Affected models of the S7-1500 CPU product family do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code.</p> <p>As exploiting this vulnerability requires physical tampering with the product, Siemens recommends to assess the risk of physical access to the device in the target deployment and to implement measures to make sure that only trusted personnel have access to the physical hardware.</p> <p>The vulnerability is related to the hardware of the product. Siemens has released new hardware versions for several CPU types of the S7-1500 product family in which this vulnerability is fixed and is working on new hardware versions for remaining PLC types to address this vulnerability completely. See the chapter “Additional Information” below for more details.</p> <p

Remediations

  • Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-482757 V1.5 (Last Update: 2025-01-14): Missing Immutable Root of Trust in S7-1500 CPU devices See advisory

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more