Siemens SCADA Flaws To Be Disclosed At Black Hat

Posted by timothy on Tuesday June 7, 2011 @12:11AM from the infra-infrastructure dept.

itwbennett writes "In May, NSS Labs Researcher Dillon Beresford pulled out of a Dallas hacking conference at the last minute when Siemens was unable to fix problems he'd found in the firmware of its S7 programmable logic controller. Now NSS Labs CEO Rick Moy says Beresford is rescheduled to deliver his talk at Black Hat, which runs Aug. 2-3. Beresford has discovered six vulnerabilities in the S7 that 'allow an attacker to have complete control of the device,' Moy said. Devices like the S7 do things such as control how fast a turbine spins or open gates on dams."

1 of 101 comments (clear)

Min score:

Reason:

Sort:

fearmongering? by Anonymous Coward · 2011-06-07 00:29 · Score: 2, Informative

I've worked with Siemens' S7 and SiMotion systems, and i've never seen a single company attach them to a large computer network inside their company.
The only ways to reprogram S7 or SiMotion is by either connecting to an ethernet / profinet connection the machines are on, or by acquiring physical access and establishing a serial connection.