June 2011

Digging for Facts on the Siemens S7-1200 PLC Security Vulnerabilities, Part 1/3

Submitted by Eric Byres on Thu, 2011-06-09 14:32

The recent news that Dillon Beresford at NSS Labs had discovered somewhere between four and six serious vulnerabilities in the Siemens S7 PLC product has created quite a storm of news and concern for critical asset owners. Unfortunately, information on the range and severity of the vulnerabilities has been contradictory.

Siemens S7-1200 PLC Security Vulnerabilities, Part 2/3

Submitted by Eric Byres on Fri, 2011-06-10 16:24

In my previous blog, I analyzed the contradictory information being circulated regarding the Siemens S7 PLC vulnerabilities that were discovered by Dillon Beresford at NSS Labs in May. By studying the various Siemens and NSS notices, we were able to scrape out a few facts.

Protecting Siemens S7-1200 PLCs against Security Vulnerabilities, Part 3/3

Submitted by Eric Byres on Mon, 2011-06-13 16:24

Over the past week, I have been digging into the Siemens S7 PLC vulnerabilities that were discovered by Dillon Beresford at NSS Labs in May. In the first blog article, I analyzed the contradictory information being circulated in an attempt to scrape out a few facts and guesses on what PLC products are actually affected and what the nature of the vulnerabilities are.

Blaming Vendors Doesn’t Fix Today’s SCADA Security Issues

Submitted by Eric Byres on Mon, 2011-06-20 09:59

Last week in his blog article, Fix the Problem, Stop Bailing out Vendors, Dale Peterson made an impassioned statement that the SCADA security community:

“needs to put all our efforts and emphasis in the PLC, RTU, controller space on getting vendors to add basic security features to their models available for sale today… We should not say or pretend that any other solution besides this is acceptable. Fix the problem!”