http://arstechnica.com/security/2012/07/industial-bugs-exploited-by-stuxnet-fixed/

By Dan Goodin
Ars Technica
July 23 2012

German conglomerate Siemens on Monday said it has fixed vulnerabilities in its software products that appeared to be identical to those that allowed the Stuxnet computer worm to disrupt Iran's nuclear program.

In advisories published here and here, Siemens said it updated its Simatic Step7 and Simatic WinCC software applications to "address vulnerabilities first discovered in 2010." That was the same year the Stuxnet worm was discovered burrowing into industrial control systems in Iran and other countries throughout the world.

According to Siemens, the Step7 update fixes a loading mechanism for Windows Dynamic Link Library files that can be hacked to force systems into executing malicious code.

"An attacker can place arbitrary library files into Step7 project folders which will be loaded on Step7 at start-up without validation," one of the Siemens advisories stated. "The code will be executed with the permissions of the Step7 application."

[...]

Received on Tue Jul 24 2012 - 02:03:03 PDT