Security Holes Found in Siemens Control Systems [telecom]

Hard-Coded Password and Other Security Holes Found in Siemens Control Systems

By Kim Zetter August 3, 2011

LAS VEGAS - A security researcher has uncovered a slew of vulnerabilities in Siemens industrial control systems, including a hard-coded password, that would let attackers reprogram the systems with malicious commands to sabotage critical infrastructures and even lock out legitimate administrators.

The vulnerabilities exist in several models of Siemens programmable logic controllers, or PLCs - the same devices that were targeted by the Stuxnet superworm and that are used in nuclear facilities and other critical infrastructures, as well as in commercial manufacturing plants that make everything from pharmaceuticals to automobiles.

Stuxnet was discovered on systems in Iran last year and is believed to have been aimed at destroying uranium-enrichment centrifuges at the Natanz nuclear facility in that country. It targeted Siemens Simatic Step7 software, which is used to monitor and program Siemens PLCs. It then intercepted legitimate commands going from the Step7 system to PLCs and replaced them with malicious commands aimed at sabotaging processes controlled by the PLC; in this case the spinning of centrifuges.

The newly discovered vulnerabilities go a step further than Stuxnet, however, in that they allow an attacker to communicate directly with a Siemens PLC without needing to compromise, or even use, the Step7 software.
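The practical consequence for defenders is that a PLC should only ever receive programming sessions from a small, known set of engineering workstations; a session arriving from anywhere else is exactly the direct-to-PLC access the article describes. The script below is an added example, not code from the article or from Siemens: it audits a constructed flow log against an allowlist of approved clients per PLC. The log format, IP addresses and allowlist are invented for the example; the only outside fact it relies on is that Siemens S7 programming traffic normally runs over ISO-TSAP on TCP port 102.

```python
"""Flag S7 sessions to PLCs that come from hosts other than approved engineering stations.

Added illustration (not from the article). Log lines, addresses and the
allowlist are constructed; TCP/102 is the ISO-TSAP port Siemens S7 traffic
normally uses.
"""
from collections import defaultdict
from dataclasses import dataclass

S7_PORT = 102  # ISO-TSAP, carries Siemens S7 programming/monitoring traffic

# Constructed allowlist: PLC address -> hosts permitted to open S7 sessions to it.
ALLOWED_CLIENTS = {
    "10.0.5.10": {"10.0.5.100"},               # line-1 PLC: one engineering station
    "10.0.5.11": {"10.0.5.100", "10.0.5.101"},  # line-2 PLC: two engineering stations
}

# Constructed flow log: "<timestamp> <src> <dst> <dport> <proto>" per line.
FLOW_LOG = """\
2011-08-03T09:12:01 10.0.5.100 10.0.5.10 102 tcp
2011-08-03T09:12:07 10.0.5.100 10.0.5.11 102 tcp
2011-08-03T09:15:44 10.0.7.23 10.0.5.10 102 tcp
2011-08-03T09:16:02 10.0.7.23 10.0.5.10 80 tcp
2011-08-03T09:20:19 10.0.5.101 10.0.5.11 102 tcp
"""


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str


def parse_flow(line: str) -> Flow:
    """Parse one whitespace-separated flow record into a Flow."""
    ts, src, dst, dport, proto = line.split()
    return Flow(ts, src, dst, int(dport), proto.lower())


def audit_plc_sessions(log_text: str, allowlist: dict, s7_port: int = S7_PORT):
    """Return (alerts, counts).

    alerts: list of (timestamp, client, plc) for S7 sessions to a known PLC
            from a client that is not on that PLC's allowlist.
    counts: dict plc -> number of S7 sessions seen, approved or not.
    Traffic to hosts not listed as PLCs, or on other ports, is ignored.
    """
    alerts = []
    counts = defaultdict(int)
    for raw in log_text.splitlines():
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        flow = parse_flow(raw)
        if flow.proto != "tcp" or flow.dport != s7_port or flow.dst not in allowlist:
            continue
        counts[flow.dst] += 1
        if flow.src not in allowlist[flow.dst]:
            alerts.append((flow.ts, flow.src, flow.dst))
    return alerts, dict(counts)


if __name__ == "__main__":
    found, per_plc = audit_plc_sessions(FLOW_LOG, ALLOWED_CLIENTS)
    for plc, n in sorted(per_plc.items()):
        print(f"{plc}: {n} S7 session(s)")
    for ts, client, plc in found:
        print(f"ALERT {ts}: unapproved client {client} opened S7 session to PLC {plc}")
```

On the constructed log this reports one alert, the 10.0.7.23 host reaching the line-1 PLC on port 102; the same host's port-80 connection is left alone because the check is scoped to S7 sessions. The allowlist is keyed per PLC rather than being a single global set so that an engineering station approved for one production line does not silently become approved for all of them.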


Reply to
Monty Solomon

Much more interesting is this very long article with pictures and code samples which I don't recall seeing mentioned here before:

The above article is dated July 11, 2011.

Reply to
Thad Floryan