Vulnerable industrial controls directly connected to Internet? Why not?

 In Biz & IT, DHS, Homeland Security, industrial control systems, internet of shit, Internet of Things, PLCs, Policy, power grid, Programmable logic controllers, Siemens

Vulnerable industrial controls directly connected to Internet? Why not?

Serving the Technologist for more than a decade. IT news, reviews, and analysis.

(credit: Siemens)

Yesterday, Siemens issued an update to a year-old product vulnerability warning for its SIMATIC S7-300 and S7-400 families of programmable logic controllers (PLCs)—industrial control systems used to remotely monitor and operate manufacturing equipment. The alert, originally issued in December of 2016, was updated on Wednesday to include another version of the S7-400 line. The Department of Homeland Security pushed out an alert through the Industrial Control Systems Computer Emergency Response Team (ICS-CERT) today. The systems in both device families are vulnerable to remote attacks that could allow someone to obtain login credentials to the system or reset it into a “defect” mode, shutting down the controller—essentially executing a denial-of-service attack on whatever equipment it is attached to.

You might not think that factory industrial controls would be directly accessible from the Internet. But a quick survey of devices open on the network port mentioned in the advisory (TCP port 102) using the Shodan search engine revealed over 1,000 Siemens devices directly accessible on the Internet (plus a certain number of honeypots set up to detect attacks).

Many of the devices are vulnerable based on Siemens’ alerts and do not have the firmware updates required to mitigate the threat. The only good news, as security researcher Kevin Beaumont said in an exchange with Ars on Twitter, is that “I’ve seen no evidence of anybody trying to wipe them, etc., yet.”

Read 8 remaining paragraphs | Comments

Even some devices with patches available are connected to the naked Internet.

Recent Posts
Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Not readable? Change text. captcha txt