Siemens squashes Stuxnet-like bugs in SCADA kit

Siemens has corked vulnerabilities in its industrial control kit similar to those exploited by the infamous Stuxnet worm. Security bugs on the German manufacturer's Simatic Step 7 and Simatic PCS 7 SCADA control software created a means to load malicious dynamic-link library (DLL) files. This is the type of flaw exploited by …

COMMENTS

This topic is closed for new posts.
  1. JohnG

    Will the Iranians get the fixes?

    IIRC, a Siemens spokesman said that they had not supplied Simatic and the associated kit to Iran - so, I wonder if the Iranians will get the fixes.

    1. Anonymous Coward

      Re: Will the Iranians get the fixes?

      They'll get them from tpb ;P

    2. Matt Bryant Silver badge
      Devil

      Re: Will the Iranians get the fixes?

      Much more fun to get them all paranoid by suggesting that, now that it is known what SCADA kit the Iranians are using, the Big Bad Great Satan might have put pressure on Siemens to put a backdoor into the update....

      1. Anonymous Coward

        Re: Will the Iranians get the fixes?

        With the 'quality' of software design used by Siemens, and the reliance on Windows with its ever so helpful reboot-on-most-patches behaviour on a 24/7 application, I don't think there is any need to add one more custom orifice to the collection!

    3. Morten Bjoernsvik

      Re: Will the Iranians get the fixes?

      Even though Siemens is not directly involved with the Iranians, they surely have a subcontracted subcontractor somewhere. All so obscured no one can find the connection.

  2. Anonymous Coward
    FAIL

    "a means for hackers to get into targeted systems using default credentials."

    Epic fail.

    That is all.

  3. Anonymous Coward

    really? they finally found their hole(s)??

    one would think that this would have been a top priority but obviously it isn't... but then again, they are providing tech to those who seek to use it for gains that others are attempting to prevent them from gaining... can we say catch22? or maybe we should be questioning the act of selling this tech to those with these goals in mind? of course, on the path to a one society world, this is something completely different... or is it? can we spell "coldwar"?

  4. Anonymous Coward

    Why Windows

    and not something with insane uptime like VMS?

  5. Nameless Faceless Computer User
    FAIL

    I've got a question

    How can a SCADA system be allowed to become infected? Why would anyone use Microsoft software where security is important? ok, that's two questions.
