Researcher Says Siemens Downplaying Serious SCADA Holes

Dillon Beresford, the NSS Labs researcher who disclosed serious holes in industrial control system software from Siemens says the company is downplaying the seriousness of the vulnerabilities in its public statements, and that a supposed “fix” for the vulnerabilities is inadequate. 

Metasploit Holding On Siemens Exploits

UPDATE: A week after a security researcher decided to cancel a technical discussion of security holes in industrial control software from Siemens, Inc., public exploits for the vulnerabilities are on hold while the company works to shore up systems running its Simatic programmable logic controller (PLC) software.

Security researcher Dillon Beresford decided not to present a talk at the TakedownCon in Dallas on Thursday, citing concerns about mayhem that could have resulted. But in an e-mail, he told Threatpost that the vulnerabilities could allow remote attackers to start or stop Siemens Programmable Logic Controllers (PLCs) and harvest information from the devices.

Philip Reitinger, the top information security official at the Department of Homeland Security, is going to step down from his post at the beginning of June, just a couple of weeks after the Obama administration laid out the details of its latest strategy to improve the country’s online defenses and plans to work with foreign nations to reduce cybercrime.

The Obama administration has unveiled a sweeping strategy for the way that it plans to conduct the country’s business and political dealings online in the coming years, and much of the plan centers on improving the security and reliability of the Internet. The International Strategy for Cyberspace is a policy document and not a technical one, but the plan clearly implies that the U.S. intends to assert and defend its rights online.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.