Stuxnet-targeted SCADA software still vulnerable

Siemens SCADA application still vulnerable to remote takeover hacks

Positive Technologies researchers demonstrated how Siemens' SCADA systems could be taken over via a web browser interface.

The Siemens SCADA control software that was targeted by the Stuxnet malware has still not been properly secured, according to security researchers from Positive Technologies.

Flaws in Siemens' WinCC SCADA (Supervisory Control And Data Acquisition) software were exploited by the creators of Stuxnet to disrupt production processes at Iranian nuclear facilities.

Researchers from Russia-based Positive Technologies report finding more than 50 vulnerabilities in the latest version of WinCC.

The researchers had been due to present their findings at the Defcon security conference in July this year, but cancelled the presentation at the request of Siemens, as the company was still working to patch the flaws. Positive Technologies CTO Sergey Gordeychik has now revealed the results of their research, which found many vulnerabilities in WinCC that would allow an attacker to take over the system remotely. Details are still being withheld as Siemens has still not released patches for the application.

Gordeychik said that while Siemens appears to be taking security seriously, there are so many vulnerabilities that the company has had to develop a roadmap to patch them all.

Positive Technologies also demonstrated how login credentials for a WinCC SCADA system could be stolen if the system's operator was simply using the same browser to access the internet while using WinCC's web interface.
