Siemens says it will fix SCADA bugs

On Wednesday, researchers pulled a talk on the Siemens PLC issues due to security concerns

Siemens is working on a fix for some serious vulnerabilities recently discovered in its industrial control system products used to manage machines on the factory floor.

The company said Thursday that it was testing patches for the issues, just one day after a security researcher, Dillon Beresford of NSS Labs, was forced to cancel a talk on the issue because of security concerns.

NSS Labs had been working with Siemens and the U.S. Department of Homeland Security's Industrial Control Systems Cyber Emergency Response (ICS CERT) on addressing the issues for the past week-and-a-half. But the company decided to pull its talk when it turned out that Siemens' proposed fixes were not completely effective, according to Rick Moy, CEO of NSS Labs.

Siemens didn't say when it expected to fix the problems. "Our team continues to work diligently on this issue -- also together with both NSS Labs and ICS CERT. We are in the process of testing patches and developing mitigation strategies," Siemens said in a statement.

Industrial control systems have come under increased scrutiny in the year since the Stuxnet worm was discovered. Stuxnet, thought to have been built to disrupt Iran's nuclear program, was the first piece of malware built with industrial systems in mind, and it targeted a Siemens system.

Since then, security researchers have been poking and prodding all sorts of industrial devices, and by all accounts, they've found plenty of bugs.

While Siemens may be developing patches, installing them will be another issue entirely. Industrial systems are difficult to patch; entire production lines may have to be taken offline for a fix to be rolled out, and that can take months of planning. Many factories run old, unpatched systems and it's still common to see unsupported systems such as Windows 2000 on the factory floor.

Not much is known about the Siemens bugs themselves, but in an interview Wednesday, Moy described them as serious enough to allow hackers to control a Siemens PLC (programmable logic controller) system.

But in its statement, Siemens downplayed the issue somewhat, implying that the flaws might be difficult for the typical hacker to exploit. "While NSS Labs has demonstrated a high level of professional integrity by providing Siemens access to its data, these vulnerabilities were discovered while working under special laboratory conditions with unlimited access to protocols and controllers," Siemens said.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Topics: NSS Labs, siemens, Automotive, security, Manufacturing, Exploits / vulnerabilities, industry verticals, energy
Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Compare & Save

Deals powered by WhistleOut
WhistleOut

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?