Documenting The Birth of Hacktivist

Hacktivist

Hard-Coded Password and Other Security Holes Found in Siemens Control Systems | Threat Level | Wired.com


The newly discovered vulnerabilities go a step further than Stuxnet, however, in that they allow an attacker to communicate directly with a Siemens PLC without needing to compromise, or even use, the Step7 software.

One of the most serious security holes is a six-letter hardcoded username and password — both “Basisk” — that Siemens engineers had left embedded in some versions of firmware on its S7-300 PLC model. The credentials are effectively a backdoor into the PLC that yield a command shell, allowing an attacker to dump the device’s memory — in order to map the entire control system and devices connected to it — and reprogram the unit at will.

“I was able to log in via telnet and http, which allowed me to dump memory, delete files and execute commands,” says Dillon Beresford, the security researcher with NSS Labs who discovered the password, and at least a dozen more subtle security holes.

Beresford had planned to discuss a few of the vulnerabilities at TakeDownCon in Texas in May, but pulled the talk at the last minute after Siemens and the Department of Homeland Security expressed concern about disclosing the security holes before Siemens could patch them.

via Hard-Coded Password and Other Security Holes Found in Siemens Control Systems | Threat Level | Wired.com.


Written by gatoMalo

August 4, 2011 at 9:43 pm

Posted in Notes to Myself
