Software vulnerabilities diagnosed as communication weakness

Siemens' most recent firmware update for its S7-1200 programmable logic controller is said to eliminate vulnerabilities and to improve security.

June 23, 2011

According to Siemens, the company’s latest software vulnerabilities have been caused by a weakness in communication functions of its programmable logic controller (PLC) product, called S7-1200. The vulnerability was reportedly discovered by an NSS Labs researcher and resulted in an ICS-CERT security advisory.

A recently released firmware update of Siemens’ S7-1200 PLC is said to eliminate vulnerabilities and improve the security and robustness of its S7-1200 product family. To download the firmware and to obtain more detailed information, please visit: www.siemens.com/networkbehavior-S7-1200.

At this point, Siemens is reportedly not aware of any customers affected by the identified weak points found in its S7-1200 PLCs. The company has emphasized a commitment to maintaining the highest quality products with the most stringent security standards. Siemens experts have been working closely with ICS-CERT and various user communities to continuously improve the Siemens industrial controller products, according to the company.

As a further precaution, Siemens controllers, including the S7-300/400 families, are allegedly being tested against the discovered vulnerability scenarios.

usa.siemens.com

Siemens

– Edited by Amanda McLeman, Control Engineering, www.controleng.com