Siemens Media Advisory regarding the virus affecting Simatic WinCC SCADA Systems

July 19, 2010

FOR IMMEDIATE RELEASE

UPDATE ON VIRUS AFFECTING SIMATIC WINCC SCADA SYSTEMS

FOR IMMEDIATE RELEASE

UPDATE ON VIRUS AFFECTING SIMATIC WINCC SCADA SYSTEMS

Siemens was notified about the malware program (Trojan) that is targeting the Siemens software Simatic WinCC and PCS 7 on July 14. The company immediately assembled a team of experts to evaluate the situation and is working with Microsoft and the distributors of virus scan programs, to analyze the likely consequences and the exact mode of operation of the virus.

It has so far been established that the Trojan, which spreads via USB sticks and uses a Microsoft security breach, can affect Windows computers from XP upward.

Siemens is taking all precautions to alert its customers to the potential risks of this virus. We have reached out to our sales team and will also speak directly to our customers to explain the circumstances. We are urging customers to carry out an active check of their computer systems with WinCC installations. There are already three virus scan programs recommended for Siemens systems from Trend Micro, McAfee and Symantec, the latest versions of which can detect the Trojan. The effect of deploying these programs on the runtime environment are currently being analyzed and an approval will be issued shortly.

 Additional Information:

• Siemens was notified about a security breach within Microsoft Windows which could potentially affect Simatic WinCC and PCS7.

• The following has so far been established: A malware program (Trojan), which spreads via USB sticks and uses a Microsoft security breach, is targeting the Siemens software Simatic WinCC and PCS 7. Just viewing the contents of the USB stick can activate the Trojan. Siemens recommends avoiding the use of a USB stick.

• The malware can infect any Windows computer from XP upward. According to the latest analyses, once infected, several fragments of the Trojan discharge themselves. The effects of this have not been fully analyzed yet, however; according to the latest information, the Trojan searches the infected computers specifically for installations of Simatic WinCC and PCS 7.

• Siemens experts are working with Microsoft and the distributors of virus scan programs, to analyze the likely consequences and the exact mode of operation of the virus.

• At the same time Siemens has started to develop a solution, which can identify and systematically remove the malware.

• There are already three virus scan programs recommended for Siemens systems from Trend Micro, McAfee and Symantec, the latest versions of which can detect the Trojan. The effect of deploying these programs on the runtime environment are currently being analyzed and an approval will be issued shortly.