Hard-Coded Password and Other Security Holes Found in Siemens Control Systems
By Kim Zette August 3, 2011
LAS VEGAS - A security researcher has uncovered a slew of vulnerabilities in Siemens industrial control systems, including a hard-coded password, that would let attackers reprogram the systems with malicious commands to sabotage critical infrastructures and even lock out legitimate administrators.
The vulnerabilities exist in several models of Siemens programmable logic controllers, or PLCs - the same devices that were targeted by the Stuxnet superworm and that are used in nuclear facilities and other critical infrastructures, as well as in commercial manufacturing plants that make everything from pharmaceuticals to automobiles.
Stuxnet was discovered on systems in Iran last year and is believed to have been aimed at destroying uranium-enrichment centrifuges at the Natanz nuclear facility in that country. It targeted Siemens Simatic Step7 software, which is used to monitor and program Siemens PLCs. It then intercepted legitimate commands going from the Step7 system to PLCs and replaced them with malicious commands aimed at sabotaging processes controlled by the PLC; in this case the spinning of centrifuges.
The newly discovered vulnerabilities go a step further than Stuxnet, however, in that they allow an attacker to communicate directly with a Siemens PLC without needing to compromise, or even use, the Step7 software.