Siemens Software Targeted By Stuxnet Still Full of Holes

IDG News Service – (International) Software made by Siemens and targeted by the Stuxnet malware is still full of other dangerous vulnerabilities, according to researchers. The CTO of Positive Technologies was scheduled to give a presentation in July at Defcon, but it was pulled after Siemens asked for more time to patch its WinCC software. WinCC is a type of supervisory control and data acquisition (SCADA) system, which is used to manage various industrial processes in factories and energy utilities. This type of software underpins much of what countries consider critical infrastructure.

The CTO agreed to suspend his presentation at Defcon, but presented an overview of his WinCC research at the Power of Community security conference on November 8. He withheld the specific details of the vulnerabilities, since Siemens has not released patches. His team has found more than 50 vulnerabilities in WinCC's latest version, he said in an interview. Most are problems that would allow an attacker to remotely take over a WinCC system. He showed how, when an industrial system operator uses the same browser to access both the open Internet and WinCC's web interface, a vulnerability can be exploited to obtain login credentials for the back-end SCADA network.

Written by Ali Loney

Ali Loney is a Senior UX Designer at Walmart Labs. She is based in Canada and was the former Graphic Designer at Sonatype.
