Wednesday, July 6, 2011

ICS-CERT Publishes another Siemens Alert

Yesterday the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) published an alert for a vulnerability in the Siemens SIMATIC S7-200, S7-300, and S7-400 PLCs. ICS-CERT is reporting that this vulnerability is the same replay attack vulnerability that was included in the Dillon Beresford vulnerabilities identified in the S7-1200 SIMATIC PLCs. This Alert actually provides more details about this particular vulnerability than the earlier alert did.

The replay vulnerability allows an attacker with access to the control system network to intercept the unencrypted password used in communications between the PLC and other control system elements. This could allow an attacker to make unauthorized changes to the PLC operation.

According to the Alert, ICS-CERT is working with Siemens to develop specific mitigation measures for this vulnerability and is recommending some generic security measures as an interim strategy for owners of these PLCs. Siemens has a document describing the vulnerability in these PLCs available on their web site.

This Alert comes at an inopportune time for Siemens. Last week at an automation conference Siemens had done a lot to convince the cyber security community that it had become more proactive in dealing with security issues. Then ICS-CERT published an Advisory Friday for a Siemens WinCC vulnerability and now this Alert, neither of which was addressed by Siemens last week at the Conference.

An interesting Twitter conversation (see @digitalbond, @tofinosecurity, @mtoecker and @pjcoyle) had already developed this weekend about why Siemens had not announced at the Conference the Friday vulnerability that they knew would be reported by ICS-CERT the day after the conference ended. This Alert further calls into question Siemens' commitment to openly discuss security issues with the ICS community and their customers.
