Siemens fixes industrial flaws found by hacker

But the company isn't clear on whether more bugs need to be patched

Siemens has fixed bugs in its Simatic S7 industrial computer systems, used to control machines on factory floors, power stations and chemical plants.

The patches, released Friday, mark Siemens' first response to a high-profile computer security incident since the Stuxnet worm, which was discovered a year ago circulating on computer networks in Iran.

Siemens fixed a pair of flaws in the S7-1200 controller, acknowledging that one could be leveraged to take control of the system using what's known as a replay attack. A second flaw, in a Web server that ships with the device, could give attackers a way to crash the system. However, the attacker would have to first find a way onto the victim's network before launching these attacks.

Siemens had been scrambling to fix the bugs since they were discovered earlier this year by Dillon Beresford, a researcher with security vendor NSS Labs. Beresford had hoped to discuss the issues at a May hacking conference in Dallas, but pulled out of the event when it became clear that Siemens could not fix the problem in time.

His company said that talking about the bugs was too risky and decided instead to disclose the issues in August at the Black Hat security conference.

In an interview Friday, Beresford said it wasn't clear how many of the six vulnerabilities he'd discovered had been patched. That will require further testing. He said the replay attack that Siemens patched Friday is one of the most serious of the bugs, but there is at least one other equally serious problem that may not yet be fixed.

The U.S. Department of Homeland Security said that Siemens' patches fix "a portion" of the problems Beresford has discovered and that it "continues to work with Siemens and Mr. Beresford on the other reported problems."

Siemens seemed to downplay the severity of the issues -- something it has done in the past. In its security advisory, the company noted that Beresford's research was done in "laboratory conditions and without any IT security measures in place."

On its website, the company said that the denial-of-service attack did not affect its S7-300 and S7-400 controllers, but Siemens didn't say whether these devices are vulnerable to the replay attack. "We are currently testing all systems including S7-300 and 400 in replay scenarios," a Siemens spokesman said Friday via e-mail. "Depending on the results of those tests, we will have to react accordingly."

Beresford says that the 300 and 400 models could also be hit by this attack and the replay attack is more serious than the Siemens advisory would lead one to believe -- an attacker could take "full control" over the Siemens system.

Siemens gets high marks for quickly patching Beresford's bugs, but the company could still do a better job in communicating with its customers, said Eric Byres, chief technology officer with Byres Security, a Lantzville, British Columbia, company that sells industrial security products. "Their PR department has still got a lot of lessons to learn," he said. "They're not being clear and forthcoming on what the issues are."

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags siemensNSS LabsByres SecuritysecurityManufacturingenergyindustry verticalsExploits / vulnerabilities

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Essentials

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?