IT giant Siemens has moved rapidly to fix critical vulnerabilities found by Positive Technologies in its industrial control system (ICS), SIMATIC WinCC.
The Siemens Product CERT (Computer Emergency Response Team) took prompt action to remedy the flaws that were identified by Positive Technologies, fixing a total of 12 vulnerabilities with differing levels of severity in their latest product update (SIMATIC WinCC v7.0).
Exploitation of these vulnerabilities could have led to theft of data, including system passwords, and to unauthorized access to database management systems by both on-site and remote attackers.
Improving the safety of industrial control (SCADA) systems is a growing priority as national governments recognize the risks to critical infrastructure such as nuclear power stations, petroleum refineries, transport networks and water supply plants. Attacks on SCADA systems have become more widely publicized following a series of high-profile incursions using specialized computer viruses, such as Flame and Stuxnet.
“As a global leader in the development of ICS systems, Siemens understands the risks that vulnerabilities like these could potentially pose to their customers and the nations they service,” said Sergey Gordeychik, EVP Product Strategy at Positive Technologies. “Their quickness in responding to the issues raised is a testament to their commitment to deliver secure systems.”
A detailed guide to fixing the security issues found in SIMATIC WinCC has been published on the Siemens official site. Positive Technologies has already updated its MaxPatrol Compliance and Vulnerability Management System to test for these vulnerabilities within SIMATIC WinCC.