Wednesday, August 3, 2011

ICS-CERT Updates S7-300 Alert

Well, apparently the DHS Industrial Control System Cyber Emergency Response Team (ICS-CERT) has some one at the Black Hat conference in Las Vegas today. Today they updated the S7-300 PLC alert that they had revised last week with information (user name and password) that apparently was released by Beresford released in his presentation today. Well they didn’t actually provide the information; they just noted that he publicly released the information.

Today’s update also reports that ICS-CERT has independently confirmed that the reported vulnerability does not affect the S7-400 PLCs. Siemens had previously claimed that, but the level of public confidence in their security claims is not real high, so it is good to see ICS-CERT confirm their claim. Now if it just holds up past the next Beresford (or some other security researcher) look at the S7-400 PLCs…

No comments:

/* Use this with templates/template-twocol.html */