Sign in / up

back to article Siemens sighs: SCADA bugs abound

Another security advisory covering Siemens industrial kit has reached the public, this time covering wireless industrial networking hardware. ICS-CERT advises that the Ruggedcom range of 802.16e (Wimax, for those with long memories) switches from the company carries a range of vulnerabilities that let attackers scam admin …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. thames

    I'm not sure how much this kit is actually used in industry. I've bought and installed a lot of Siemens industrial control hardware, but I've never even seen any of their industrial networking (not counting Profibus or Profinet) hardware. Users seemed to go for either IT type equipment, or they used other industrial brands. The Siemens stuff always seemed to be massively overpriced for what you got, and there's really no perception that their kit is any better quality (at least not these days).

    0 0 Reply
    1. Christian Berger
      Reply Icon

      Yes, but that's not the point to learn from this

      The point is, that where ever you look for bugs in that field, you will find them. It's just not an area where people work who have grown up with well designed systems. It's more or less an echo chamber where bad ideas re-inforce themselves.

      Plus Siemens can't do software/firmware. I've been at a daughter of Siemens and the state of the art of software design is truly bad, both with what get shipped to the customer and what's used internally.

      2 0 Reply
      1. big_D Silver badge
        Reply Icon

        Re: Yes, but that's not the point to learn from this

        Yeah, I had a Siemens ISDN TA with DECT and it needed Windows XP for its control software - for a piece of kit still being sold in 2012! Windows 7 + XP Mode wouldn't work, because the software didn't use the USB bus properly and the virtual USB drivers wouldn't allow access to the ISDN TA. I had to recomission an old XP laptop just to administer the thing! Since then, we've moved onto a pure VOIP system and don't need the ISDN TA any more.

        Likewise, at work, we have a key-card entry system. We bought that in 2011 and it would only run on XP at the time and couldn't be installed on a terminal server.

        The same for the telephone system we have at work, a Siemens HiPath, the software looks like it hasn't been updates since 1995.

        0 0 Reply
        1. Kris Akabusi
          Reply Icon

          Re: Yes, but that's not the point to learn from this

          Likewise, at work, we have a key-card entry system. We bought that in 2011 and it would only run on XP at the time and couldn't be installed on a terminal server.

          Doesn't that show a lack of forward thinking on whoever bought the key card system?

          0 0 Reply
      2. Mark 65
        Reply Icon

        Re: Yes, but that's not the point to learn from this

        I know the old "never attribute to malice that which can be adequately explained by incompetence" but are these bugs Siemens bugs or NSA bugs? It is networking kit after all.

        1 0 Reply
        1. Dan 55 Silver badge
          Reply Icon

          Re: Yes, but that's not the point to learn from this

          It's SCADA, it's incompetence.

          Before SCADA hardware was controlled over its own dedicated network which afforded some level of security (through obscurity) then some bright spark decided it would be a good idea to just to stick it all on TCP/IP. And so a field little prepared for security issues suddenly had to deal with them.

          2 0 Reply
          1. Fatman
            Reply Icon

            Re: Yes, but that's not the point to learn from this

            Before SCADA hardware was controlled over its own dedicated network which afforded some level of security (through obscurity) then some bright spark brain dead MBA looking to "Increase Shareholder Value" decided it would be a good idea to just to stick it all on TCP/IP connect this shit to the internet without a complete understanding of the ramifictions of such OPEN and UNSECURED ACCESS.

            FTFY!!!

            1 0 Reply
  2. jake Silver badge

    SCADA is only an issue when manglement runs[1] the network, instead of network engineers..

    If you have clues, you roll out your own scripts to handle the hardware that your systems need. Note that ALL SCADA kit can be controlled with simple scripting, it doesn't need anything resembling a GUI.

    [1] For values of "runs" that means "must purchase Redmond and/or Cupertino, or we will DIEEEEE!!!!11!!00!one0!!zero010etc".

    1 4 Reply
    1. Fatman
      Reply Icon

      Re: SCADA is only an issue when manglement runs[1] the network, instead of network engineers..

      You have left out an important letter in this statement:

      SCADA is only an issue when manglement runs[1] the network, instead of network engineers..

      The corrected version (missing letter included) is:

      SCADA is only an issue when manglement ruIns[1] the network, instead of network engineers..

      There! better!

      2 0 Reply
  3. John Smith 19 Gold badge
    FAIL

    Given the penalty for failure you'd think the kit would get *better* testing than home stuff.

    But apparently not.

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like