Another weakness has been identified in Siemens AG industrial control software that would allow remote attackers to intercept and decipher passwords and change device configuration settings, according to a recent advisory.
The “potential security weakness” in the Siemens Simatic S7 programmable logic controllers was found in the authentication mechanism of the programming and configuration client software, Siemens AG said in an advisory to customers on July 5. The affected mechanism is used in the S7-200, 300, 400 and S7-1200 controller systems.
Since the Stuxnet worm first emerged, the industry has been examining the security of SCADA systems and has found them quite lacking. In the past, it didn’t matter so much because they were not networked or accessible remotely, Eric Knapp, director of critical infrastructure markets for NitroSecurity, told eWEEK. As that is no longer the case, these critical systems are increasingly at risk.
Siemens has identified a number of vulnerabilities in its SCADA controllers this year and is patching them.
Attackers with access to the vulnerable Simatic can decipher the system’s password and potentially make unauthorized changes to the product, according to the advisory. While Siemens did not elaborate on the vulnerability, it said attackers would be able to carry out “record and replay” attacks, in which specific commands are captured while in transit on the affected system and then re-sent in an uncontrolled manner.
Customers are advised to restrict physical and logical access to the Simatic Industrial Automation products to authorized personnel for the time being while Siemens works on a fix for the affected software module. Customers are also advised to implement a layered security model to protect the system from unauthorized access and to block traffic from anything outside a trusted zone that tries to reach the systems.