Siemens Patches SCADA System Vulnerabilities

Tuesday, June 14, 2011



Siemens announced the company has issued a fix for at least some of the Supervisory Control and Data Acquisition (SCADA) vulnerabilities that threaten the security of critical infrastructure control networks.

SCADA systems provide operations control for critical infrastructure and production networks including manufacturing facilities, refineries, hydroelectric and nuclear power plants, and the information in Beresford's presentation would have exposed previously undisclosed threats.

The remediation of the vulnerabilities are the company's first documented mitigation actions since the debut of the Stuxnet virus last year, which targeted Siemens programmable logic controllers (PLCs).

Stuxnet is a highly sophisticated designer-virus that wreaks havoc with SCADA systems, and the Stuxnet virus is thought to have caused severe damage to Iranian uranium enrichment facilities which reportedly set back the nation's nuclear program several years.

Siemens issued fixes for at least two vulnerabilities in the company's S7-1200 controllers, one of which could have allowed for attackers to take control of control systems via what is dubbed as a "replay attack".

The second was a weakness in the system's web server which could have presented the opportunity for attackers to crash the SCADA networks alltogether.

Siemens was prompted to take swift action after security researcher Dillon Beresford cancelled a scheduled presentation at the Takedown Conference in Dallas where he planned to reveal an exploit proof-of-concept aimed at Siemens controllers.

Beresford made the decision to cancel the scheduled presentation after consulting with representatives from Siemens and the Department of Homeland Security over security concerns.

Beresford subsequently issued some harsh criticism regarding the manner in which Siemens was handling the disclosure of the vulnerabilities. Siemens had attempted to characterize the exploit as being highly sophisticated developed under an artificial set of circumstances that would be difficult for a supposed attacker to recreate.

Beresford had countered Siemens' assertions, stating that the exploits were not of a sophisticated nature, stating that "the flaws are not difficult for a typical hacker to exploit because I put the code into a series of Metasploit auxiliary modules, the same ones supplied to ICS-CERT and Siemens."

Beresford indicated he was not privy to exactly which of the six vulnerabilities he discovered had been mitigated, but stated that the "replay attack" fix was probably one of the most critical, along with one other that has yet to be patched.

Siemens is pursuing fixes for other vulnerabilities identified, stating "we are currently testing all systems including S7-300 and 400 in replay scenarios. Depending on the results of those tests, we will have to react accordingly," a Siemens spokesman said.

Possibly Related Articles:
SCADA Vulnerabilities Stuxnet Headlines Network Security Infrastructure Siemens Programmable Logic Controllers Dillon Beresford
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.