Skip to main content

Vulnerable industrial controls directly connected to Internet? Why not?

posted onJanuary 26, 2018
by l33tdawg

Yesterday, Siemens issued an update to a year-old product vulnerability warning for its SIMATIC S7-300 and S7-400 families of programmable logic controllers (PLCs)—industrial control systems used to remotely monitor and operate manufacturing equipment. The alert, originally issued in December of 2016, was updated on Wednesday to include another version of the S7-400 line. The Department of Homeland Security pushed out an alert through the Industrial Control Systems Computer Emergency Response Team (ICS-CERT) today. The systems in both device families are vulnerable to remote attacks that could allow someone to obtain login credentials to the system or reset it into a "defect" mode, shutting down the controller—essentially executing a denial-of-service attack on whatever equipment it is attached to.

You might not think that factory industrial controls would be directly accessible from the Internet. But a quick survey of devices open on the network port mentioned in the advisory (TCP port 102) using the Shodan search engine revealed over 1,000 Siemens devices directly accessible on the Internet (plus a certain number of honeypots set up to detect attacks).

Source

Tags

Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th