Serious security holes in Siemens Control Systems

More Siemens vulnerabilities have come to light. See the article at Ars for more info http://arstechnica.com/security/news/2011/08/serious-security-holes-found-in-siemens-control-systems-targeted-by-stuxnet.ars

Seems like good security basics on securing the perimeter and general environment are key per the pattern we put together a while back

Update 3rd October 2011

One of our contributors to OSA (thanks Herbert) has studied the Siemens S7 vulnerabilities mentioned. He comments that:

"for native communication via RFC 1006 (=TCP102) you don't need any authentication, so an S7 CPU should be always protected by defense in depth".

Please see http://www.us-cert.gov/control_systems/ for more details

  • Created on .