Most Vulns Exploited By Stuxnet Worm Remain Unpatched
The media storm over the Stuxnet worm may have passed, but many of the software holes that were used by the worm remain unpatched and leave Siemens customers open to a wide range of potentially damaging cyber attacks, according to industrial control system expert Ralph Langner.
Writing on his personal blog, Langner said that critical vulnerabilities remain in Windows-based management applications and software used to directly manage industrial controllers by Siemens Inc., whose products were targeted by the Stuxnet worm. Siemens did not immediately respond to a request for comment on Langner's statement.
Langner, a principal and founder of Langner Communications GmbH is an independent expert on industrial control system security. He was among the first to connect the Stuxnet worm to an attack on uranium enrichment facilities within Iran. He was also among those who pinned responsibility for the attack on the United States and Israel.
Langner's company sells security software and services to firms in the industrial control field. In the past, he has been critical of both the media coverage of the Stuxnet worm and of Siemens response to revelations that software vulnerabilities and other structural weaknesses in its products contributed to the creation of Stuxnet and the success of the attack.