We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Siemens industrial-control security vulnerability could be disclosed today

Although a public talk about new vulnerabilities found in Siemens industrial control systems (ICS) was pulled yesterday from a conference agenda due to its sensitive nature, the head of the vulnerability-test group that discovered the security holes said it expects Siemens will soon have a fix and will be discussing it.

More on Siemens security problem: Siemens SCADA hacking talk pulled over security concerns

That disclosure about some types of Siemens programmable logic controllers (PLC) that are used for controlling factory floors and other industrial processes is expected later today, says Rick Moy, president of NSS Labs, which has identified what is believed to be a vulnerability in Siemens PLCs that could lead to compromise or denial-of-service attack against the equipment used by factories and energy-production companies.

Unlike the Stuxnet worm that last attacked the Windows-based management system for some Siemens SCADA systems last year in Iran, the vulnerability identified by NSS Labs is associated with the proprietary code in the Siemens PLC hardware.

Vulnerabilities in industrial-control gear have implications that could jeopardize human lives, Moy says, saying NSS Labs has been working with Siemens to help them come up with a patch for PLC gear, which has also been subject to review from the ICS CERT based at Idaho National Labs in the U.S.

"Everyone's waiting for Siemens," says Moy, who indicated more about the issues in Siemens PLC will be disclosed once Siemens is public with its findings and fix for its equipment. At that point, NSS Labs will be providing more detail, which it had been expected to be able to do at the TakeDownCon Conference. There, NSS Labs yesterday voluntarily cancelled its planned talk after it found out Siemens was not yet ready to go public with its information.

Read more about wide area network in Network World's Wide Area Network section.

IDG UK Sites

LG G4 Note UK release date and specification rumours: Samsung Galaxy Note 5 killer could be the LG 3......

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 off Retina iMac with new model