Siemens Media Advisory regarding the virus affecting Simatic WinCC SCADA Systems

FOR IMMEDIATE RELEASE

UPDATE ON VIRUS AFFECTING SIMATIC WINCC SCADA SYSTEMS

Siemens was notified about the malware program (Trojan) that is targeting the Siemens software Simatic WinCC and PCS 7 on July 14. The company immediately assembled a team of experts to evaluate the situation and is working with Microsoft and the distributors of virus scan programs to analyze the likely consequences and the exact mode of operation of the virus.

It has so far been established that the Trojan, which spreads via USB sticks and uses a Microsoft security breach, can affect Windows computers from XP upward.

Siemens is taking all precautions to alert its customers to the potential risks of this virus. We have reached out to our sales team and will also speak directly to our customers to explain the circumstances. We are urging customers to carry out an active check of their computer systems with WinCC installations. There are already three virus scan programs recommended for Siemens systems from Trend Micro, McAfee and Symantec, the latest versions of which can detect the Trojan. The effect of deploying these programs on the runtime environment is currently being analyzed and an approval will be issued shortly.

Additional Information:

• Siemens was notified about a security breach within Microsoft Windows which could potentially affect Simatic WinCC and PCS7.

• The following has so far been established: A malware program (Trojan), which spreads via USB sticks and uses a Microsoft security breach, is targeting the Siemens software Simatic WinCC and PCS 7. Just viewing the contents of the USB stick can activate the Trojan. Siemens recommends avoiding the use of a USB stick.

• The malware can infect any Windows computer from XP upward. According to the latest analyses, once infected, several fragments of the Trojan discharge themselves. The effects of this have not been fully analyzed yet; however, according to the latest information, the Trojan searches the infected computers specifically for installations of Simatic WinCC and PCS 7.

• Siemens experts are working with Microsoft and the distributors of virus scan programs to analyze the likely consequences and the exact mode of operation of the virus.

• At the same time Siemens has started to develop a solution, which can identify and systematically remove the malware.

• There are already three virus scan programs recommended for Siemens systems from Trend Micro, McAfee and Symantec, the latest versions of which can detect the Trojan. The effect of deploying these programs on the runtime environment is currently being analyzed and an approval will be issued shortly.

Comments

  • It is my understanding that Profibus PA & DP are certified by NERC-CIP for Homeland Security use on power plants, waste water plants, etc., and that FOUNDATION Fieldbus is not certified. This is because the H2 level is serial-routable. H1 is serial Non-routable. All of Profibus is serial Non-routable. By being Non-routable, it is virtually impossible for a hacker to get into a system and do damage.

    I was told that FOUNDATION Fieldbus is working on solving the problem with their specification and will be certified soon. Maybe, maybe not.

    I have talked to several DCS vendors who are only ordering Profibus solutions because their end customers don't want to hassle with Homeland Security. 

    How much truth is there to this, and can you explain this a little better?
     

    Joseph A. Kaulfersch
