Siemens

Stuxnet News Coverage

A summary of news articles on the game changing Stuxnet malware.

Note: Visit Stuxnet Central for more information on Stuxnet.

Tiny Tofino Logo indicates articles that contain news about Tofino Security, the Tofino Industrial Security Solution or that contain quotes from Eric Byres. 

IN11-509: Canadian CCIRC Vulnerability Note

The Canadian Cyber Incident Response Centre Information (CCIRC) Information Note IN11-509 on Cyber Threats and Vulnerabilities Against SCADA Systems summarizes hundreds of pages of security bulletins into a succinct document.

 

This note covers 19 important Vulnerabilities.

 

IN11-507: Canadian CCIRC Vulnerability Note

The Canadian Cyber Incident Response Centre Information (CCIRC) Information Note IN11-507 on Cyber Threats and Vulnerabilities Against SCADA Systems summarizes hundreds of pages of security bulletins into a succinct document.

This note covers 9 important Vulnerabilities.

How Stuxnet Spreads – A Study of Infection Paths in Best Practice Systems

 Byres Security Abterra and SCADAhacker logos

The Stuxnet worm is a sophisticated piece of computer malware designed to sabotage industrial processes controlled by Siemens SIMATIC WinCC and PCS 7 control systems.

This paper describes an example of a site following high security architecture best practices and then shows the ways that the worm could make its way through the defences of the site to take control of the process and cause physical damage.

The paper closes with a discussion of the lessons that can be learned from the analysis of Stuxnet’s propagation pathways. It explains how owners of critical systems need to respond to protect control systems from future threats of this type.

Stuxnet - Siemens S7 Clear Memory

One of the issues with Stuxnet is that in certain cases it will directly modify the PLC firmware and not just user logic. Erasing the CPU memory, including the MMC card, would completely clear out the memory on the S7 controllers and remove the worm.

In case you are not certain how to do this, we have provided the relevant section from the Siemens CPU 31xC and CPU 31x: Installation Manual.

Please remember that you must be certain that the STEP7 project file used to download the program after the memory reset is uninfected, otherwise you start all over again.  Stuxnet hid in STEP7 project files it to re-infect the ES when the project file was opened (Special thanks to Joel Langill for help confirming this).
 

Stuxnet Mitigation Matrix

Stuxnet is a computer worm designed to take advantage of a number of previously unknown vulnerabilities present in the Windows operating system and Siemens SIMATIC WinCC, PCS7 and S7 PLS systems.

It takes advantage of numerous vulnerabilities in the Windows operating system and the Siemens product line.  As a result, full mitigation requires multiple actions.

The Stuxnet Mitigation Matrix shows mitigation measures by Windows operating system and it includes dynamic links to detailed information on each of the patches and mitigations.

Siemens PCS7 WinCC Malware

New Stuxnet White Paper: Analysis of the Siemens WinCC / PCS7 “Stuxnet” Malware for Industrial Control System Professionals.

Stuxnet is a computer worm designed to take advantage of a number of previously unknown vulnerabilities present in the Windows operating system and Siemens SIMATIC WinCC, PCS7 and S7 product lines.

It was designed to target one or more industrial systems that use Siemens PLCs with the apparent objective of sabotaging industrial processes.

This White Paper summarizes the current known facts about the Stuxnet worm and the actions that operators of SCADA and ICS systems can take to protect critical operations.

Also included is Joel Langill's excellent video that shows in detail how Stuxnet infects a system.

Subscribe to RSS - Siemens