S7

Project Basecamp Adds Stuxnet-type Attack Module to Metasploit

UPDATE: Project Basecamp, a volunteer effort to expose security holes in industrial control system software, unveiled new modules on Thursday to exploit holes in common programmable logic controllers (PLCs). The new exploits, which are being submitted to the Metasploit open platform, include one that carries out a Stuxnet-type attack on programmable logic controllers made by the firm Schneider Electric, according to information provided to Threatpost by Digital Bond, a private consulting firm that has sponsored the effort.

Siemens Patches SCADA Holes, Downplays Threat

In the wake of a report about vulnerabilities in its products, Siemens issued a patch for its Simatic S7 industrial controllers on Monday. ICS CERT, the Cyber Emergency Response Team for Industrial Control Systems, issued an alert advising Siemens customers to apply the patch.

Researcher Says Siemens Downplaying Serious SCADA Holes

Dillon Beresford, the NSS Labs researcher who disclosed serious holes in industrial control system software from Siemens says the company is downplaying the seriousness of the vulnerabilities in its public statements, and that a supposed “fix” for the vulnerabilities is inadequate. 

Metasploit Holding On Siemens Exploits

by Paul Roberts

UPDATE: A week after a security researcher decided to cancel a technical discussion of security holes in industrial control software from Siemens, Inc., public exploits for the vulnerabilities are on hold while the company works to shore up systems running its Simatic programmable logic controller (PLC) software.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.

Subscribe now

Topics

Show all

Authors

Threatpost

InfoSec Insider

InfoSec Insider Post

InfoSec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Post

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.