[ISN] Siemens fixes security flaws in SCADA industrial control systems

From: InfoSec News <alerts_at_private>
Date: Tue, 14 Jun 2011 00:12:13 -0700 (MST)
http://news.techworld.com/security/3285507/siemens-fixes-security-flaws-in-scada-industrial-control-systems/

By Robert McMillan
Techworld.com
13 June 11

Siemens has fixed bugs in its Simatic S7 industrial computer systems, used 
to control machines on factory floors, power stations and chemical plants.

The patches, released Friday, mark Siemens' first response to a high 
profile computer security incident since the Stuxnet worm, which was 
discovered a year ago circulating on computer networks in Iran.

Siemens fixed a pair of flaws in the S7-1200 controller, acknowledging 
that one could be leveraged to take control of the system using what's 
known as a replay attack. A second flaw, in a web server that ships with 
the device, could give attackers a way to crash the system. However, the 
attacker would have to first find a way onto the victim's network before 
launching these attacks.

Siemens had been scrambling to fix the bugs since they were discovered 
earlier this year by Dillon Beresford, a researcher with security vendor 
NSS Labs. Beresford had hoped to discuss the issues at a hacking 
conference in May, but pulled out of the event when it became clear that 
Siemens could not fix the problem in time.

[...]


___________________________________________________________
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery
Network, Cisco Switches, SAS 70 Type II Datacenter.
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/
Received on Tue Jun 14 2011 - 00:12:13 PDT

This archive was generated by hypermail 2.2.0 : Tue Jun 14 2011 - 00:30:42 PDT