• Subscribe
  • Products
  • Factory
  • Process
    1. Products
    2. Control

    Update on Siemens S7 PLC Vulnerabilities

    June 13, 2011
    Malware like Stuxnet is not the reason for software vulnerabilities in Siemens S7-1200 programmable logic controllers. According to the automation company, a new firmware update fixes a weakness found in the communications function. 
    Automation supplier Siemens Industry Inc., in Alpharetta, Ga. has released a firmware update for its S7-1200 PLC that reportedly eliminates vulnerabilities and improves the security and robustness of the product family. In a statement released June 13, 2011, company spokesman Micheal Krampe said, “Despite recent news reports, Siemens latest software vulnerabilities are not caused by malware (like Stuxnet), but by a weakness in communication functions of its programmable logic controller (PLC) product, called S7-1200. The vulnerability was discovered by an NSS Labs researcher and resulted in an ICS-CERT security advisory.”
    At this point, Siemens is not aware of any customers affected by the identified weak points found in its S7-1200 PLCs, said Krampe. “The company would like to emphasize that it is fully committed to maintaining the highest quality products with the most stringent security standards. Siemens experts have been working closely with ICS-CERT and various user communities to continuously improve the Siemens industrial controller products,” he added. 
    Siemens continues to recommend to all its customers that they implement appropriate security measures, such as firewalls, secure switches and gateways to separate vulnerable computer hardware from the actual PLCs. The company provides additional security advice and recommendations at www.siemens.com/industrialsecurity.
    As a further precaution, Krampe said Siemens controllers, including the S7-300/400 families, are being tested against the discovered vulnerability scenarios. “Today, Siemens can already exclude any vulnerability of the S7-300/400 against the ‘denial of service’ scenario,” he said. “Ongoing and extensive tests of further security scenarios are currently underway in our R&D labs. Depending on the results of those tests, the company will react accordingly. If any customers have concerns that an unauthorized person has been able to record an online communication between the engineering PC and the PLC, the company recommends an immediate change to the PLC password.”
    To download the S7-1200 firmware update (which is available as of June 10, 2011) and to obtain more detailed information, visit: www.siemens.com/networkbehavior-S7-1200.
    Renee Robbins Bassett, [email protected]

    Continued Reading

    Sponsored Recommendations

    Strategizing for sustainable success in material handling and packaging

    Download our visual factory brochure to explore how, together, we can fully optimize your industrial operations for ongoing success in material handling and packaging. As your...

    A closer look at modern design considerations for food and beverage

    With new and changing safety and hygiene regulations at top of mind, its easy to understand how other crucial aspects of machine design can get pushed aside. Our whitepaper explores...

    Fueling the Future of Commercial EV Charging Infrastructure

    Miguel Gudino, an Associate Application Engineer at RS, addresses various EV charging challenges and opportunities, ranging from charging station design strategies to the advanced...

    Condition Monitoring for Energy and Utilities Assets

    Condition monitoring is an essential element of asset management in the energy and utilities industry. The American oil and gas, water and wastewater, and electrical grid sectors...