Researchers extract master encryption key from Siemens PLCs

Security researchers have found a way to extract a global encryption key that was hardcoded in the CPUs of several Siemens programmable logic controller (PLC) product lines, allowing them to compromise their secure communications and authentication. Siemens advises all customers to upgrade both the firmware of the impacted devices as well as the TIA Portal software that engineers use to communicate with them and deploy their programs.

According to security researchers from Claroty, Siemens introduced asymmetric cryptography to its SIMATIC S7-1200/1500 PLC CPUs almost a decade ago to protect their configuration, programs, and communications. However, the company chose to do so by using a hardcoded global private key for all devices from those product families because back then dynamic key distribution and management was not a common practice and a potential burden for customers.

“Since then, however, advances in technology, security research, and a swiftly changing threat landscape have rendered such hardcoded crypto keys an unacceptable risk,” the researchers said in their report. “A malicious actor who is able to extract a global, hardcoded key could compromise the entire device product line security in an irreparable way.”

Siemens PLCs use cryptographic keys for authentication and code protection

According to Claroty, Siemens S7-1200 and S7-1500 PLCs use several keys. A “per-family” key is shared by all devices from a product line and a “per-model/firmware” key is used to encrypt configurations and maintain code integrity, and a connection key that’s used in the authentication process, as well as to encrypt communications with clients. The connection key is derived from the configuration keys and is used for elliptic curve-based encryption.

This means attackers obtain the configuration key, they can potentially decrypt the user password from a PLC’s configuration as well as launch man-in-the-middle attacks even if they don’t have access to read the encrypted configuration.

The issue is that this family-wide configuration key is not stored in the device firmware – the operating system running on the device – but in the CPU itself, so reading it requires access to interact directly with CPU via opcodes. It only has to be done once on one device because they all share the key.

Researchers gained direct memory access to extract the key

Last year, the Claroty researchers found a remote code execution vulnerability (CVE-2020-15782) impacting S7 PLCs that allowed them to execute native code on the devices. Normally, the programs or logic that engineers write and deploy to PLCs through the specialized engineering software run inside a sandbox in the PLC OS. CVE-2020-15782 allowed the researchers to bypass that security layer and directly read and write to any normally protected memory address on the PLC.

“Using the DA [direct memory access] read permission we obtained, we were able to extract the entire encrypted PLC firmware (SIMATIC S7-1500) and map its functions,” the researchers said. “During the mapping process we found a function that read the private key on the PLC. Once we had the function address, we rewrote the functionality of specific MC7+ opcodes with our shell code, forcing them to call the native function that reads the private key. We then copied the key to a known memory address and read it from there. Executing the overwritten function gave us the full private key of the PLC.”

Key enables multiple attacks

Interacting with Siemens PLCs requires a password, but the permissions the client is granted to the device is defined by four levels of protection that can be configured. If the protection level is lower than three, an attacker can extract the configuration from the PLC without any special permission. This configuration contains the password hash but is encrypted. However, if they have the global private key, attackers can decrypt the password hash and use it to authenticate to the PLC with higher privileges.

If the protection level is higher than four, attackers can use the private key to launch a man-in-the-middle attack against a legitimate client instead. The way this would work is that they would simulate a fake PLC and force the client to try to authenticate to it. This would lead to the client sending an encrypted connection key to the rogue PLC, which would then be decrypted with the extracted global key in the attacker’s possession and used to connect to the real PLC. The real PLC would respond with a password challenge which the attacker would forward back to the client and obtain their response.

Forwarding the challenge response to the real PLC would allow them to establish an authenticated session with the privileges to read the configuration which includes the password hash. The password hash could then be decrypted using the global private key, giving attackers future access without repeating the man-in-the-middle session hijacking.

Finally, “an attacker with passive access to capture traffic to a given PLC on the network can intercept configuration reads/writes from the PLC,” the researchers warned. “Using the private key, the attacker can decrypt the configuration and extract the password hash. With the password hash the attacker can authenticate to the controller and write a new configuration.”

Users advised to upgrade the vulnerable devices and the engineering software

“SIMATIC S7-1200, S7-1500 CPUs and related products protect the built-in global private key in a way that cannot be considered sufficient any longer,” Siemens said in a new advisory in response to this issue. “Siemens recommends to update both the affected products as well as the corresponding TIA Portal project to the latest versions. TIA Portal V17 and related CPU firmware versions introduced protection of confidential configuration data based on individual passwords per device and TLS-protected PG/PC and HMI communication.”

The vulnerable devices include SIMATIC Drive Controller family versions lower than 2.9.2, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (including SIPLUS variants) versions lower than 21.9, SIMATIC S7-1200 CPU family (including SIPLUS variants) versions lower than 4.5.0, SIMATIC S7-1500 CPU family (including related ET200 CPUs and SIPLUS variants) versions lower than 2.9.2, SIMATIC S7-1500 Software Controller versions lower than 21.9, and SIMATIC S7-PLCSIM Advanced versions lower than 4.0. All versions of SIMATIC ET 200SP Open Controller CPU 1515SP PC (including SIPLUS variants) are also affected, but no fix is available or planned for them.