Serious security holes in Siemens Control Systems
More Siemens vulnerabilities have come to light. See the article at Ars for more info http://arstechnica.com/security/news/2011/08/serious-security-holes-found-in-siemens-control-systems-targeted-by-stuxnet.ars
Seems like good security basics on securing the perimeter and general environment are key per the pattern we put together a while back
Update 3rd October 2011
One of our contributors to OSA (thanks Herbert) has studied the Siemens S7 vulnerabilities mentioned. He comments that:
"for native communication via RFC 1006 (=TCP102) you don't need any authentication, so an S7 CPU should be always protected by defense in depth".
Please see http://www.us-cert.gov/control_systems/ for more details
- Created on .