Siemens fixing cyber bugs in industrial control systems

Reuters News
Posted: Dec 22, 2011 1:49 PM
Siemens fixing cyber bugs in industrial control systems

By Jim Finkle

BOSTON (Reuters) - Siemens said it was working to fix flaws in some industrial controls products that researchers warned could make public utility systems, hospitals and other parts of the critical infrastructure vulnerable to attack by hackers.

The German conglomerate, whose industrial control systems are widely used around the world, said on Thursday in a posting on its website that it had learned of the vulnerabilities in May and December of this year from security researchers Terry McCorkle and Billy Rios.

Rios told Reuters that one of the most serious of the vulnerabilities, known as an "authentication bypass," enables potential hackers to get around password protections on Web interfaces, which Siemens customers use to access industrial control systems.

Siemens industrial controls systems are used to run a wide assortment of facilities, from power plants and water systems to breweries, pharmaceutical factories and even uranium enrichment facilities.

"People with low skills will be able to use this authentication bypass," said Rios, who described the problems on his blog,

Siemens said it had addressed some of the security vulnerabilities and would release its first security update to fix them next month.

The company does not know of any cases in which hackers have exploited the vulnerabilities to attack its customers, spokesman Alexander Machowetz said.

The notorious Stuxnet virus that crippled Iran's nuclear program targeted Siemens software, which was used to control gas centrifuges used to enrich uranium at a facility in Natanz.

(Reporting By Jim Finkle; Editing by Lisa Von Ahn)