Siemens has shipped firmware updates to address a severe vulnerability in SIMATIC PLCs. The vulnerability could be exploited by a malicious actor to gain access to protected areas of the memory and achieve unrestricted and undetected code execution. The memory protection bypass vulnerability, tracked as CVE-2020-15782 (CVSS score: 8.1), was discovered by operational technology security company Claroty by reverse-engineering the MC7 / MC7+ bytecode language used to execute PLC programs in the microprocessor.
Source: https://thehackernews.com/2021/05/a-new-bug-in-siemens-plcs-could-let.html