EP 08: A Matter Of Trust

What if a vulnerability exists in popular ICS devices, yet the only fix is to re-issue the hardware? This is true with some embedded security flaws. Ang Cui, founder and CEO of Red Balloon Security, talks about his company’s discovery of CVE-2022-38773, which affects the secure boot process in Siemens S7 1500 PLCs, and what the mitigations for devices using that might look like.