DOS, Backdoor, and Easter Egg Found In Siemens S7 121
chicksdaddy writes with a post in Threat Post. From the article: "Dillon Beresford used a presentation at the Black Hat Briefings on Wednesday to detail more software vulnerabilities affecting industrial controllers from Siemens, including a serious remotely exploitable denial of service vulnerability, more hard-coded administrative passwords, and even an easter egg program buried in the code that runs industrial machinery around the globe. In an interview Tuesday evening, Beresford said he has reported 18 separate issues to Siemens and to officials at ICS CERT, the Computer Emergency Response Team for the Industrial Control Sector. Siemens said it is readying a patch for some of the holes, including one that would allow a remote attacker to gain administrative control over machinery controlled by certain models of its Step 7 industrial control software."
Embedded systems may not need much of an OS (Score:5, Interesting)
I didn't know Siemens S7 was running under ancient operating systems. :-)
I don't know about S7, never having used it. But you might be surprised about what sort of real-time control systems still run on operating systems like DOS, using the operating system solely as a vehicle for occasional access to storage, because DOS lets the program take over so much of the computer's execution. Google embedded dos [google.com] and be surprised.
Queue Comments on Internet .. 3 .. 2 .. 1 (Score:5, Interesting)
As TFA points out, even air gapping the control and business networks doesn't always work. And in every plant I have worked in (except one*) over the last XXX number of years, I have been freely allowed to load up any file I wanted (using my own USB flash drive) into the control network. I believe my equipment is free of viruses, but with the sophistication of Stuxnet, who can tell what the next generation of industrial sabotage tools will be like and if/how they can be detected by current technology. So I can only assume that I have not caused any issues for my clients.
[*] The exception was a plant where there was some controls software running on a VM that was on a server under control of the IT department. The only way *I* could get files onto that box was to upload them to a public directory and let the corporate system check them and drop them off on the other side of the firewall. Unless of course I handed by USB key to the client and said "Can you directly drop these files on the server for me???"