From darkreading.com
A hidden feature in some newer models of the vendor’s programmable logic controllers leaves the devices open to attack. Siemens says it plans to fix it.
An undocumented access feature in some newer models of Siemens programmable logic controllers (PLCs) can be used both as a weapon by attackers and as a forensic tool by defenders, researchers have discovered.
Researchers at Ruhr University Bochum in Germany stumbled across the hardware-based special access feature in Siemens’ S7-1200 PLCs while studying the PLC’s bootloader, which, among other things, handles software updates and verifies the integrity of the PLC’s firmware when the device starts up.