• Subscribe
  • Products
  • Factory
  • Process
    1. Products
    2. Control

    Update on Siemens S7 PLC Vulnerabilities

    June 13, 2011
    Malware like Stuxnet is not the reason for software vulnerabilities in Siemens S7-1200 programmable logic controllers. According to the automation company, a new firmware update fixes a weakness found in the communications function. 
    Automation supplier Siemens Industry Inc., in Alpharetta, Ga. has released a firmware update for its S7-1200 PLC that reportedly eliminates vulnerabilities and improves the security and robustness of the product family. In a statement released June 13, 2011, company spokesman Micheal Krampe said, “Despite recent news reports, Siemens latest software vulnerabilities are not caused by malware (like Stuxnet), but by a weakness in communication functions of its programmable logic controller (PLC) product, called S7-1200. The vulnerability was discovered by an NSS Labs researcher and resulted in an ICS-CERT security advisory.”
    At this point, Siemens is not aware of any customers affected by the identified weak points found in its S7-1200 PLCs, said Krampe. “The company would like to emphasize that it is fully committed to maintaining the highest quality products with the most stringent security standards. Siemens experts have been working closely with ICS-CERT and various user communities to continuously improve the Siemens industrial controller products,” he added. 
    Siemens continues to recommend to all its customers that they implement appropriate security measures, such as firewalls, secure switches and gateways to separate vulnerable computer hardware from the actual PLCs. The company provides additional security advice and recommendations at www.siemens.com/industrialsecurity.
    As a further precaution, Krampe said Siemens controllers, including the S7-300/400 families, are being tested against the discovered vulnerability scenarios. “Today, Siemens can already exclude any vulnerability of the S7-300/400 against the ‘denial of service’ scenario,” he said. “Ongoing and extensive tests of further security scenarios are currently underway in our R&D labs. Depending on the results of those tests, the company will react accordingly. If any customers have concerns that an unauthorized person has been able to record an online communication between the engineering PC and the PLC, the company recommends an immediate change to the PLC password.”
    To download the S7-1200 firmware update (which is available as of June 10, 2011) and to obtain more detailed information, visit: www.siemens.com/networkbehavior-S7-1200.
    Renee Robbins Bassett, [email protected]

    Continued Reading

    Sponsored Recommendations

    Rock Quarry Implements Ignition to Improve Visibility, Safety & Decision-Making

    George Reed, with the help of Factory Technologies, was looking to further automate the processes at its quarries and make Ignition an organization-wide standard.

    Water Infrastructure Company Replaces Point-To-Point VPN With MQTT

    Goodnight Midstream chose Ignition because it could fulfill several requirements: data mining and business intelligence work on the system backend; powerful Linux-based edge deployments...

    The Purdue Model And Ignition

    In the automation world, the Purdue Model (also known as the Purdue reference model, Purdue network model, ISA 95, or the Automation Pyramid) is a well-known architectural framework...

    Creating A Digital Transformation Roadmap Using A Unified Namespace

    Digital Transformation has become one of the most popular buzzwords in the automation industry, often used to describe any digital improvements to industrial technology. But what...