Siemens to plug SCADA holes early next year

28 December 2011

Siemens expects to issue a patch in January to fix security holes in its supervisory control and data acquisition (SCADA) products that control industrial automation systems.

Siemens said in a statement last week that it was notified of vulnerabilities in its SCADA products by security researchers Billy Rios and Terry McCorkle. The affected products include WinCC flexible RT versions from 2004 to 2008 SP2, WinCC Runtime Advanced V11, and multiple SIMATIC panels (TP, OP, MP, Comfort).

The company said that it would issue security updates next month for the vulnerabilities, which were first reported in May 2011.

In a security advisory, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), part of the US Department of Homeland Security, said that it was made aware of the vulnerabilities identified by Rios and McCorkle in Siemens’s SCADA products used as an interface between operations and programmable logic controllers (PLCs).

“Systems running affected versions of this product are accessible using a default username and password. These systems also generate an insecure authentication token for browser sessions”, ICS-CERT explained. The advisory added that “no known exploits specifically target these vulnerabilities.”

ICS-CERT recommended that asset owners take the following defensive measures to protect against cyberattack: minimize network exposure for all control system devices; locate control system networks and remote devices behind firewalls and isolate them from the business network; and use secure remote access methods, such as virtual private networks.
 
