
Computer worm targeting Siemens PLCs

Siemens was pretty quick with a bulletin warning of this and software upgrades to close the vulnerability. I am fairly certain that we were alerted to this just over a month ago.

The interesting thing about this is that as PLC systems become more and more connected to public WANs for remote access and data collection - they become vulnerable to malware like this. In this case - the PLC / HMI code is uploaded to a remote server for review by the malware creators and where it can be modified as desired by the malware creator to control machinery in a different manner than intended by the OEM and sent back to the PLC/HMI in the form of modified code listings.

If you think about how many chemical / refinery / energy processes are run by PLCs - it wouldn't be hard to create changes to control software that would result in catastrophic failures in these systems.
 
Ooof...I wondered when this day would come, although it does not yet affect my trade that I know of. I work in building automation; we are dealers for Siemens, Honeywell, American Automatrix and Johnson. It used to be that the specific controllers were proprietary and were commanded and programmed with the manufacturer's software; open protocols such as LonWorks and BACnet have changed that. The front end we use for these systems runs on a Windows platform and is based in Java. The program, designed and licensed by Tridium (now owned by Honeywell), is basically the same for all of the lines listed with only basic cosmetic and privilege changes and, in most instances, is web accessible. So in effect if someone were to design a bug that could infiltrate Tridium's software they could gain access to many systems and, while an intimate knowledge of many systems was once required, knowledge of only one is now required (more bang for your hacker buck!). Not so much a big deal for comfort cooling, and a little worse for server rooms and critical cooling, but when you consider that the same system can also have building access and security integrated into it the scenario becomes worse. I don't doubt that if there is a bug designed, manufacturers will begin reversing the move to open protocol and touting their proprietary products as safe.

JR
 
As far as the talk around the shop goes the Stuxnet rides on the back of WinCC. If you don't use WinCC you won't have any problems with Stuxnet.

Figure to have copycats of Stuxnet floating around. Someday it's gonna happen to all of us.

Rep
 
Apparently you are not affected unless you are running enrichment centrifuges. It is quite specific to those operations.
 








 