Stuxnet-exploitable security flaws are still there, says expert

According to Ralph Langner, because these flaws remain, Siemens industrial control customers are still open to a wide range of potentially damaging cyber-attacks.

Paul Roberts of the Threatpost newswire reports that, according to Langner, a number of critical vulnerabilities remain in the Windows-based management applications and in the Siemens software used to directly manage industrial controllers.

Langner, a principal and founder of Langner Communications, is an independent expert on industrial control system security. He is credited with being one of the first to connect the Stuxnet worm to an attack on uranium enrichment facilities within Iran.

According to some newswires, he was also amongst the first to point the finger at the US and Israel as being responsible for the attack.

Threatpost quotes Langner as saying that the media have paid too much attention to the four zero-day Windows vulnerabilities that enabled the Stuxnet worm, while overlooking the other security holes the worm used.

Unlike the Windows vulnerabilities, which Microsoft quickly fixed, many of the holes in Siemens' products remain unpatched, he claims.

"Langner enumerates three types of exploits used by Stuxnet - only one category of which (Windows operating system exploits) has been closed. The other two are Windows application exploits aimed at Siemens Simatic Manager and the Siemens WinCC SCADA application, and controller exploits aimed at Siemens S7-300 and 400 series controllers", says the newswire.

Langner went on to say that Stuxnet has provided a model that less sophisticated hackers can copy in future attacks.

Attackers could, he claims, learn from Stuxnet which code to insert into the vulnerable controller to freeze it in its current operating state.

Such an attack, says Threatpost, would be hard to detect and would require little knowledge of how the Siemens S7 controllers actually work. Fixing the holes is also difficult, because they are considered 'features' of the Siemens controllers rather than security holes.
