Siemens says it will fix SCADA bugs

On Wednesday, researchers pulled a talk on the Siemens PLC issues due to security concerns

Siemens is working on a fix for some serious vulnerabilities recently discovered in its industrial control system products used to manage machines on the factory floor.

The company said Thursday that it was testing patches for the issues, just one day after a security researcher, Dillon Beresford of NSS Labs, was forced to cancel a talk on the issue because of security concerns.

NSS Labs had been working with Siemens and the U.S. Department of Homeland Security's Industrial Control Systems Cyber Emergency Response (ICS CERT) on addressing the issues for the past week-and-a-half. But NSS Labs decided to pull its talk when it turned out that Siemens' proposed fixes were not completely effective, according to Rick Moy, CEO of NSS Labs.

Siemens didn't say when it expected to fix the problems. "Our team continues to work diligently on this issue -- also together with both NSS Labs and ICS CERT. We are in the process of testing patches and developing mitigation strategies," Siemens said in a statement.

Industrial control systems have come under increased scrutiny in the year since the Stuxnet worm was discovered. Stuxnet, thought to have been built to disrupt Iran's nuclear program, was the first piece of malware built with industrial systems in mind, and it targeted a Siemens system.

Since then, security researchers have been poking and prodding all sorts of industrial devices, and by all accounts, they've found plenty of bugs.

While Siemens may be developing patches, installing them will be another issue entirely. Industrial systems are difficult to patch; entire production lines may have to be taken offline for a fix to be rolled out, and that can take months of planning. Many factories run old, unpatched systems, and it's still common to see unsupported systems such as Windows 2000 on the factory floor.

Not much is known about the Siemens bugs themselves, but in an interview Wednesday, Moy described them as serious enough to allow hackers to control a Siemens PLC (programmable logic controller) system.

But in its statement, Siemens downplayed the issue somewhat, implying that the flaws might be difficult for the typical hacker to exploit. "While NSS Labs has demonstrated a high level of professional integrity by providing Siemens access to its data, these vulnerabilities were discovered while working under special laboratory conditions with unlimited access to protocols and controllers," Siemens said.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com
