On Thursday, July 15, a disclosure was made about the Siemens SIMATIC PLC WinCC cyber vulnerability. Arguably, it is the first malware in the wild targeted specifically at industrial control systems. The following issues concern me:
- Siemens SIMATIC PLCs are used throughout the industrial (more than just critical) and DOD infrastructures globally.
- According to Stephan Brier, every SIMATIC user has the privileges of the fixed sysadmin server role by default and the MSSQLServer is installed with SYSTEM privileges - so much for security by design.
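
The two conditions in the last point can be checked on a SQL Server instance with the audit queries below. They are an added example, not taken from the disclosure or from Siemens; the second query assumes SQL Server 2008 R2 SP1 or later, where `sys.dm_server_services` is available.

```sql
-- Added audit example (not from the original post).

-- 1. Who holds the fixed sysadmin server role?
--    Broad Windows groups or application logins in this list mean every
--    user mapped to them has full control of the instance.
SELECT m.name        AS member_name,
       m.type_desc   AS principal_type,   -- SQL_LOGIN, WINDOWS_LOGIN, WINDOWS_GROUP
       m.is_disabled,
       m.create_date
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.type_desc, m.name;

-- 2. Which Windows account does the database engine run as?
--    A service running as SYSTEM gives any sysadmin member a path to
--    full control of the host operating system.
--    Assumption: SQL Server 2008 R2 SP1 or later.
SELECT servicename,
       service_account,
       CASE
           WHEN service_account IN (N'LocalSystem', N'NT AUTHORITY\SYSTEM')
               THEN 'runs as SYSTEM'
           ELSE 'review account privileges'
       END AS finding
FROM sys.dm_server_services;
```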