If you look after the Large Hadron Collider you should read this...

A Russian security researcher has uncovered security vulnerabilities that could allow a malicious attacker to conduct man-in-the-middle attacks, denial‑of‑service attacks, and possibly authenticate themselves as valid users.

So far, so much par for the course.

But what makes this vulnerability disclosure by Ilya Karpov of Positive Technologies particularly noteworthy, as The Register reports, is that the vulnerabilities were found in Siemens SIMATIC HMI devices used to control critical systems at petrochemical facilities, power plants and even the Large Hadron Collider.

Yes, you can imagine how that could cause problems...

Large Hadron Collider

One of the vulnerabiities, as described in ICS-CERT's advisory explains that a hacker might only need a hash of the system's password - rather than the password itself - to gain access to privileged systems.

If attackers obtain password hashes for SIMATIC WinCC users, they could possibly use the hashes to authenticate themselves. This vulnerability affects SIMATIC WinCC and SIMATIC PCS 7.

Threats such as Stuxnet and Dragonfly have raised the public's awareness of the need to properly protect industrial control systems (ICS) which control critical infrastructure such as the management of electrical, water, oil, gas and data supplies.

Siemens says it has now patched the vulnerabilities.

Nonetheless, you think you had a headache keeping your home computer updated with security patches? Just imagine if you were responsible for securing the Large Hadron Collider or a nuclear plant...

Tags: , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , ,

One Response

  1. coyote

    September 3, 2015 at 6:41 pm #

    On the subject of protecting nuclear plants…

    http://www.bbc.co.uk/news/world-us-canada-32663107

    And as for the character limit, while it is probably not a problem at 3000 characters (even for me mostly), the issue of quoting comes to mind as that adds up. Maybe you could have a way that quotes the article (I don't mean the full article but portions of). Perhaps this isn't a problem even, but I'm raising the point now just in case (at least it isn't like the BBC where they limit to 400 characters). But until this sentence it was 2494 characters left, and I didn't write all that much (though amusingly almost all of it is about the character limit itself).

Leave a Reply