Siemens AG issued an advisory to customers on Tuesday warning of a weakness in its Simatic S7 programmable logic controllers that could allow a remote attacker to intercept and decipher passwords, or change the configuration of the devices.
Siemens advised customers to restrict physical and logical access to its Simatic Industrial Automation products. The company warned that attackers with access to the product or the control system link could decipher the product’s password and potentially make unauthorized changes to the Simatic product. The warning is just the latest security scare affecting the popular Siemens Simatic programmable logic controllers, which were the target of the Stuxnet worm.
Siemens issued an alert on its Product Support Web page on Tuesday, July 5, saying that it had found a “potential security weakness” affecting the programming and configuration client software authentication mechanism used by the Simatic family of controller platforms, including the S7-200, 300, 400 and S7-1200 systems. While the vulnerability is not described, Siemens said that it could be used to carry out so-called “record and replay” attacks, where specific commands are captured in transit and then resent to devices in an uncontrolled manner.
The company said it is working on a fix for the affected software modules. In the meantime, it advised customers to take a number of steps to mitigate damage from the security hole. Among those steps: restricting physical and logical access to automation products, and to the systems and networks they run on, to authorized personnel; using layered security to limit access to Simatic systems; and blocking traffic to affected devices from outside the trusted Manufacturing Zone.
This is just the latest in a string of revelations about the security shortcomings of Siemens SCADA and industrial control systems. The Stuxnet worm shone a light on vulnerabilities in the Siemens software, including a hard-coded administrative back door account that the worm exploited. In recent months, Siemens has come under fire for taking too long to fix many of the vulnerabilities in its products that Stuxnet leveraged. Security researcher Dillon Beresford of NSS Labs also revealed a wide range of other security holes in Siemens Simatic software that could have enabled a remote takedown of industrial systems that are managed by Simatic software. The company promptly patched those holes.