Serious security holes in Siemens Control Systems

More Siemens vulnerabilities have come to light. See the article at Ars for more info

Seems like good security basics on securing the perimeter and general environment are key per the pattern we put together a while back

Update 3rd October 2011

One of our contributors to OSA (thanks Herbert) has studied the Siemens S7 vulnerabilities mentioned. He comments that:

"for native communication via RFC 1006 (=TCP102) you don't need any authentication, so an S7 CPU should be always protected by defense in depth".

Please see for more details