ID: IRCNE2011051119
Date: 2011-05-21
According to “ComputerWorld”, Siemens is working on a fix for some serious vulnerabilities recently discovered in its industrial control system products.
The company said Thursday that it was testing patches for the issues. Siemens didn't say when it expected to fix the problems. "Our team continues to work diligently on this issue -- also together with both NSS Labs and ICS CERT. We are in the process of testing patches and developing mitigation strategies," Siemens said in a statement.
Industrial control systems have come under increased scrutiny in the year since the Stuxnet worm was discovered. Stuxnet, thought to have been built to disrupt Iran's nuclear program, was the first piece of malware built with industrial systems in mind, and it targeted a Siemens system.
While Siemens may be developing patches, installing them will be another issue entirely. Industrial systems are difficult to patch; entire production lines may have to be taken offline for a fix to be rolled out, and that can take months of planning. Many factories run old, unpatched systems and it's still common to see unsupported systems such as Windows 2000 on the factory floor.
Not much is known about the Siemens bugs themselves, but in an interview Wednesday, CEO of NSS Labs described them as serious enough to allow hackers to control a Siemens PLC system.
- 5