The Inquirer-Home

Siemens patches industrial controller flaws, but weaknesses remain

There's still work to do
Mon Jun 13 2011, 16:58

GERMAN INDUSTRIAL GIANT Siemens has announced patches for flaws in its equipment claimed to be serious enough to enable hackers to take over industrial systems, but it's not the end of the matter.

In a statement on its web site, the multi-national firm said there is a firmware update available for its S7-1200 programmable logic controller (PLC). NSS Labs researcher Dillon Beresford had discovered flaws in the devices, which are used for important functions such as control and monitoring of industrial valves, power plants and traffic lights.

Although the flaws are not directly related to it, S7 model PLCs were also the devices that the Stuxnet worm sought to take control of and reprogram. Many believe that Stuxnet was created by the US and Israel to inflict damage on Iran's nuclear fuel refining programme.

Siemens said that the patches address two particular vulnerabilities that left the devices open to replay and denial-of-service (DoS) attacks. Siemens said that special communication with a network scanner could cause the controllers to revert to a 'stop' or defective state.

The firm said, "The latest firmware update for the S7-1200 will offer corrective action for enhancing protection against replay attacks as well as increased stability when facing the above-mentioned denial-of-service scenario."

However, the United States Computer Emergency Readiness Team (US-CERT) claimed that the security patch only addresses "a portion" of the flaws, although it confirmed the effectiveness of the patches and was working with Beresford and Siemens on other problems. µ

