Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Security Bug IT

Siemens Fixes SCADA Flaws 36

Posted by Soulskill from the and-so-soon dept.
itwbennett writes "Siemens has fixed a pair of bugs in its S7-1200 controller, which is used to control machines on factory floors, power stations and chemical plants. The bugs were discovered earlier this year by NSS researcher Dillon Beresford, who planned to disclose the bugs at Black Hat in August. The US Department of Homeland Security said that Siemens' patches fix 'a portion' of the problems Beresford has discovered and that it 'continues to work with Siemens and Mr. Beresford on the other reported problems.'"
This discussion has been archived. No new comments can be posted.

Siemens Fixes SCADA Flaws More

Siemens Fixes SCADA Flaws

Comments Filter:

  • Re:Firewalls (Score:4, Interesting)

    by thegarbz ( 1787294 ) on Saturday June 11, 2011 @01:45AM (#36409130)

    There's still the chance of some prick tossing sand in from the other box.

    If there is then you haven't set it up properly. These aren't enterprise firewalls designed to allow maximum user friendlies while limiting a small set of nasties from entering from the outside. These are default deny all, and on a very select case by case basis allow one way data back out to certain machines on certain ports.

    This is several layers deep in a corporate network, the firewall gear is not part of the standard package, the data historian or other products that rely on data from the process networks are not part of a standard package, so you'd need to penetrate in at least that far just to see what you're up against next. To get through something like this you would need to know details beforehand.

    For any attack like this to be feasible you would need rather large amounts of inside information. If you're that close to the inside information chances are you're within touching distance of the control system itself, in which case nothing is usually safe

  • Re:Firewalls (Score:2, Interesting)

    by Anonymous Coward on Saturday June 11, 2011 @02:01AM (#36409200)

    In my experience vendors of SCADA management tools are never able to exactly tell me which firewall ports need to be open to enable their applications to work. Most firewalls will end up looking as Swiss cheese (enabling all communications from one IP address to another).

    Good luck with your security ... It usually takes about 2 firewall hops to go from the internal Internet connected network to the SCADA network.

    Most of those management servers are now web-based (or web services based), but are never tested for web application security.

Slashdot Top Deals

"Floggings will continue until morale improves." -- anonymous flyer being distributed at Exxon USA

Close