"SCADA Password-Cracking Tool For Siemens S7 PLCs Released"

A Russian security researcher has unleashed a brute-force password-cracking tool that can capture passwords for Siemens S7 programmable logic controllers (PLC), which run machinery in power plants and manufacturing sites.

Quelle: Dark Security Reading vom 22.01.13

Siemens was the target of much of the vulnerability research at last week's conference, where another researcher also demonstrated how to intercept S7-400 PLC passwords. Erik Johansson, an independent consultant and researcher at the Royal Institute of Technology in Sweden, demonstrated how unpatched S7 systems are susceptible to attack and control by an unauthorized user who grabs their passwords. Siemens described the flaw as a security "weakness in the programming and configuration client software authentication method" that the S7 employs.

Industrial Control Systems (ICS) geraden verstärkt ins Visier von Sicherheitsforschern - und möglicherweise auch in das von Kriminellen, etc. Damit steigt die Gefahr, dass sich Cyber-Angriffe nicht nur "virtuell" auswirken, sondern auch Infrastruktur stören oder zerstören können.