Siemens Beresford Backdoor Explored

posted on August 9, 2011
by l33tdawg

I thought it would be worthwhile to explore the Beresford backdoor. I recently picked up an old S7 Ethernet module and wanted to see if it contained anything similar.

To do this analysis, I grabbed a few firmwares from Siemens’ download site. It’s easy enough to do. Searching for any of their CPU names on Google will give you their product home page, which includes links to firmware downloads. For example, the CPU 317 with Ethernet that Dillon worked on is here. Note that their firmware update page never even mentions the word “Security”; it simply says, “Addressing the Web server after a firmware update no longer causes Defect Z1:8000.” Wow. Informative.

Anyway, I ripped the ROM out of my own Ethernet card for comparison. No special tools are required to get Siemens’ downloaded firmware, but reading the ROM from my Ethernet card requires a Flash programmer with a socket adapter (roughly $150 in parts), as well as the Ethernet module itself ($200 on eBay).

Source

Tags

Siemens Security
