We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
79,714 News Articles

Siemens industrial-control security vulnerability could be disclosed today

Although a public talk about new vulnerabilities found in Siemens industrial control systems (ICS) was pulled yesterday from a conference agenda due to its sensitive nature, the head of the vulnerability-test group that discovered the security holes said it expects Siemens will soon have a fix and will be discussing it.

More on Siemens security problem: Siemens SCADA hacking talk pulled over security concerns

That disclosure about some types of Siemens programmable logic controllers (PLC) that are used for controlling factory floors and other industrial processes is expected later today, says Rick Moy, president of NSS Labs, which has identified what is believed to be a vulnerability in Siemens PLCs that could lead to compromise or denial-of-service attack against the equipment used by factories and energy-production companies.

Unlike the Stuxnet worm that last attacked the Windows-based management system for some Siemens SCADA systems last year in Iran, the vulnerability identified by NSS Labs is associated with the proprietary code in the Siemens PLC hardware.

Vulnerabilities in industrial-control gear have implications that could jeopardize human lives, Moy says, saying NSS Labs has been working with Siemens to help them come up with a patch for PLC gear, which has also been subject to review from the ICS CERT based at Idaho National Labs in the U.S.

"Everyone's waiting for Siemens," says Moy, who indicated more about the issues in Siemens PLC will be disclosed once Siemens is public with its findings and fix for its equipment. At that point, NSS Labs will be providing more detail, which it had been expected to be able to do at the TakeDownCon Conference. There, NSS Labs yesterday voluntarily cancelled its planned talk after it found out Siemens was not yet ready to go public with its information.

Read more about wide area network in Network World's Wide Area Network section.


IDG UK Sites

Samsung Galaxy Tab S 8.4 review: The best iPad mini and Nexus 7 rival tablet around

IDG UK Sites

Which Mac? Complete Apple Mac buyers guide for 2014

IDG UK Sites

Mobile email is powerful and useful - but also hopelessly intrusive

IDG UK Sites

Samsung lights up London skyline with Midnight Rainbow