Researcher demonstrates weaknesses in industrial management system
A security researcher has discovered new vulnerabilities in a Siemens industrial management system used to automate processes. According to experts, this could possibly be abused via the internet.
The researcher, Dillon Beresford, who works at NSS Labs, showed during a demonstration at the Black Hat security conference how some of the vulnerabilities he found could be exploited to attack the Siemens Simatic Step 7 system.
The demo showed that it is possible to read from and write to the memory of the PLCs, even when password protection is active. In theory this makes it possible to read information from a PLC remotely, to overwrite commands, or to intercept passwords. It is also possible to feed the operator false output, so that nothing appears to be wrong. An operator could also simply be locked out by changing the password.
The NERC, which oversees the reliability of the electricity grid in North America, is said to have issued a warning in response to the demonstration. ICS-CERT, to which the findings were presented, has also raised the alarm because Beresford cracked and disclosed a hard-coded password in the Siemens system. This could encourage attackers to look for susceptible Siemens systems. The Stuxnet worm that made headlines last year supposedly worked in a similar way.
Siemens is said to be working on a fix. It is not known whether these are completely new vulnerabilities or the same ones that Stuxnet previously exploited. Beresford was supposed to present on this subject in May this year, but cancelled at the last minute under pressure from Siemens and the US government.