WinCC and the Stuxnet worm - PLCS.net

marshjhm · July 25th, 2010, 03:55 PM

Has anyone heard what Siemens plans to do about the WinCC admin password vulnerability that is exploited by the Stuxnet worm? This is the first time I have heard of an HMI being attack directly by a worm. Of course the worm uses a Windows vulnerability to get into the system, but still I would think that Siemens would be concerned, and create some kind of patch.

Saperov · July 25th, 2010, 05:20 PM

http://support.automation.siemens.co...ew/en/43876783
This is not the fault Siemens that its program was attacked.
One anti-virus laboratory analyst argued that the virus is directed against one of the Central Asian countries. Guess who is interested in data from the nuclear WinCC/PCS7?
This is the first program of state espionage by the virus to justify the bombing of the future ...

Quote:

If you look at these statistics, mapping the world, it becomes clear that the centers of the epidemic are the three countries - Iran, India and Indonesia (all three on the letter "I", funny).
In each of these countries the number of recorded incidents over KSN 5000.
Realtek is a hardware the company, and writing software for their devices - a by-process, for which the best of all - the use of outsourcers.
And which country is the world leader in the outsourcing programming?
Correct: India.
Can outsourcer, creating software for the company, have the means to "sign" the certificate program this company? Probably yes.
hus, one can assume that the malicious program was created precisely in India (see the map) and, perhaps, not without an insider among the developers of applications for Realtek.

WencaB · July 26th, 2010, 04:08 PM

Hi everybody,

currently I am in Iran, Bandar Abbas for commisioning of our project for steel making plant.
We have this virus everywhere here, on WinCC server, clients and so on.
This virus was probably transfered from some USB stick from customer.
In this time I downloading Simatic patch and antivirus software from links above.
I am sure, that I have had this virus minimal one month ago in my project backups too.
So tomorow I try remove this virus and i will inform you.
The main problem here is the internet connection is so slow.
So currently of course our PLC and HMI network is not connected to internet, but when we leave who knows ...

I just have one question, if anybody have some problems on running system with this virus?

Thanks

Saperov · July 26th, 2010, 05:02 PM

The expert from Kaspersky Lab wrote about StuxNet
http://translate.google.com/translat..._5&sl=ru&tl=en

http://www.symantec.com/connect/blog...rk-information

Saperov · August 3rd, 2010, 05:19 AM

AntiStuxnet hotfix from MS
http://www.microsoft.com/technet/sec.../MS10-046.mspx

July 25th, 2010, 03:55 PM	#1
marshjhm Member Join Date: Oct 2006 Location: Spokane, WA Posts: 38	WinCC and the Stuxnet worm Has anyone heard what Siemens plans to do about the WinCC admin password vulnerability that is exploited by the Stuxnet worm? This is the first time I have heard of an HMI being attack directly by a worm. Of course the worm uses a Windows vulnerability to get into the system, but still I would think that Siemens would be concerned, and create some kind of patch.

July 26th, 2010, 04:08 PM	#3
WencaB Member Join Date: Apr 2010 Location: Karlovy Vary Posts: 1	Iran Hi everybody, currently I am in Iran, Bandar Abbas for commisioning of our project for steel making plant. We have this virus everywhere here, on WinCC server, clients and so on. This virus was probably transfered from some USB stick from customer. In this time I downloading Simatic patch and antivirus software from links above. I am sure, that I have had this virus minimal one month ago in my project backups too. So tomorow I try remove this virus and i will inform you. The main problem here is the internet connection is so slow. So currently of course our PLC and HMI network is not connected to internet, but when we leave who knows ... I just have one question, if anybody have some problems on running system with this virus? Thanks

July 26th, 2010, 05:02 PM	#4
Saperov Member Join Date: Mar 2010 Location: Russia Posts: 98	The expert from Kaspersky Lab wrote about StuxNet http://translate.google.com/translat..._5&sl=ru&tl=en http://www.symantec.com/connect/blog...rk-information Last edited by Saperov; July 26th, 2010 at 05:23 PM.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode



This board is for PLC Related Q&A ONLY. Please DON'T use it for advertising, etc.
*Try our online PLC Simulator- FREE. Click here now to try it.*

August 3rd, 2010, 05:19 AM	#5
Saperov Member Join Date: Mar 2010 Location: Russia Posts: 98	AntiStuxnet hotfix from MS http://www.microsoft.com/technet/sec.../MS10-046.mspx

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)