Project Basecamp Adds Stuxnet-type Attack Module to Metasploit

UPDATE: Project Basecamp, a volunteer effort to expose security holes in industrial control system software, unveiled new modules on Thursday to exploit holes in common programmable logic controllers (PLCs). The new exploits, which are being submitted to the Metasploit open platform, include one that carries out a Stuxnet-type attack on programmable logic controllers made by the firm Schneider Electric, according to information provided to Threatpost by Digital Bond, a private consulting firm that has sponsored the effort.

Siemens Patches SCADA Holes, Downplays Threat

In the wake of a report about vulnerabilities in its products, Siemens issued a patch for its Simatic S7 industrial controllers on Monday. ICS CERT, the Cyber Emergency Response Team for Industrial Control Systems, issued an alert advising Siemens customers to apply the patch.

Researcher Says Siemens Downplaying Serious SCADA Holes

Dillon Beresford, the NSS Labs researcher who disclosed serious holes in industrial control system software from Siemens says the company is downplaying the seriousness of the vulnerabilities in its public statements, and that a supposed “fix” for the vulnerabilities is inadequate. 

UPDATE: A week after a security researcher decided to cancel a technical discussion of security holes in industrial control software from Siemens, Inc., public exploits for the vulnerabilities are on hold while the company works to shore up systems running its Simatic programmable logic controller (PLC) software.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.