More Possible Siemens Vulnerabilities

Monday, July 25, 2011 @ 07:07 PM gHale

An independent security researcher on Saturday revealed a vulnerability affecting the Siemens S7-300 and S7-400 PLCs, according to the Industrial Control System Cyber Emergency Response Team (ICS-CERT).

The researcher said he achieved a command shell using credentials he acquired from the PLC. Neither ICS-CERT nor Siemens has verified the claim yet.

ICS-CERT is currently coordinating with Siemens to validate the claim and develop mitigations.

Additional information regarding the validity, impact, and mitigations will come out as soon as they are available.

Siemens S7-300 and S7-400 PLCs see use in a wide variety of industrial applications worldwide.

Siemens has had a tough run of late. Security experts found a potential security weakness in the authentication mechanism of the programming and configuration client software used by the Siemens SIMATIC S7 family of programmable controllers, including the S7-200, S7-300, S7-400, and the S7-1200.

The potential exists for an attacker with access to the product or the control system communication link to intercept and decipher the product’s password and potentially make unauthorized changes to the product’s operation.

In addition, there were exploitable crashes found in the Siemens SIMATIC WinCC SCADA product. Specially crafted files can cause memory corruption or pointer issues, which can cause the system to crash.

Also, Stuxnet exploited vulnerabilities in Siemens systems. That targeted attack could have happened to any one of the vendors. It just happened the Iranian nuclear site was running Siemens products.

As a result of this highly complex and impressive piece of software, security professionals will link Siemens and Stuxnet for years to come.
