FORUMS
PRICEWATCH
VIDEOS
Siemens to fix vulnerabilities in industrial control systems
Reported by Dean Wilson on Friday, December 23 2011 11:04 pm
Siemens has revealed that it is developing security fixes for a number of vulnerabilities in its industrial control products, which could be used by hackers to knock out critical infrastructure like electricity grids, water supplies, oil rigs, hospitals and nuclear facilities.
Siemens has revealed that it is developing security fixes for a number of vulnerabilities in its industrial control products, which could be used by hackers to knock out critical infrastructure like electricity grids, water supplies, oil rigs, hospitals and nuclear facilities.
One of the vulnerabilities, exposed by security researcher Billy Rios, allows hackers to bypass password protections on web interfaces, breaking down the most basic layer of security on the control systems. Rios said that this authentication bypass could be used by anyone with basic skills, not just experienced hackers.
Siemens industrial control systems are used throughout the world in a wide variety of industries. The potential risks associated with them were first highlighted in 2010 when the Stuxnet virus infected Siemens control systems used by Iran, crippling its nuclear facilities.
While the Stuxnet incident is believed to have been orchestrated by a government, security researchers are becoming increasingly concerned that hacker groups could target essential infrastructure and cause significant damage, such as a potential threat to the world's oil supply.
Siemens said that it has not yet seen any exploits of these vulnerabilities, but it has developed some fixes for them and will release a security update in January.
Source: Reuters
ARTICLE NAVIGATOR
