
IT Security STUXNet

Siemens is distributing a tool to help customers deal with a malware threat targeting its SCADA software. Sysclean, developed by Trend Micro, detects Stuxnet and cleans it from infected machines. The malware has been utilizing infected USB sticks and a Microsoft Windows vulnerability to spread.

Uploaded by

fatih91us
Copyright
© Attribution Non-Commercial (BY-NC)

Security

Siemens Distributes Sysclean to Fight Stuxnet Malware


By: Brian Prince
2010-07-22

Siemens is distributing a Trend Micro security tool
created to help organizations clean machines infected
with the Stuxnet malware. Stuxnet targets Siemens
SCADA software and has been utilizing infected USB
sticks and a Microsoft Windows vulnerability to spread.
Siemens is distributing a tool to help customers deal with a
malware threat targeting its SCADA, or supervisory control
and data acquisition, software.
Sysclean, developed by Trend Micro, detects Stuxnet and
cleans it from infected machines. First reported by security
vendor VirusBlokAda, based in Minsk, Belarus, Stuxnet
targets Siemens' Simatic WinCC and PCS 7 software, and
has been spreading via infected USB devices by exploiting
an unpatched vulnerability in Microsoft Windows.
Once the malware is installed it scans for the Siemens
software. From there, the malware attempts to steal process
or production data and send it out via the Internet.
In addition to pushing the Stuxnet cleanup tool, Siemens has
advised organizations to avoid using USB sticks and setting
up online connections with automation devices from an
infected engineering computer even after the malware has
been removed.
"Currently, there is only one known case in Germany of
infection [of Siemens customers], which did not result in
any damage," Siemens spokesperson Michael Krampe told
eWEEK in an e-mail. "We do not have any indication that
WinCC users in other countries have been affected."
Stuxnet has garnered a high amount of interest, both because
it is associated with a Windows zero-day vulnerability and
because it targets software used to control systems at
manufacturing and utility companies.
"The zero-day vulnerability, rootkit, main binaries, stolen
digital certificates and in-depth knowledge of SCADA
software are all high-quality attack assets," Symantec
researcher Patrick Fitzgerald and Senior Manager Eric
Chien blogged jointly. "The combination of these factors
makes this threat extremely rare, if not completely novel."

Protection Against Stuxnet Malware Windows Exploit


By DevSource
2010-07-21


Despite their best efforts, the Stuxnet malware exploit is
still wreaking havoc as it targets a Microsoft Windows
vulnerability. Here are some suggestions on how you can
protect yourself against Stuxnet.

To read this article in its entirety, please visit eWeek: Stuxnet
Malware Still Exploiting Microsoft Windows Security Hole
News of a Microsoft Windows zero-day vulnerability may
have put the Stuxnet malware on the public’s radar, but it has
not stopped the malware’s purveyors from trucking along.
As of this morning, Microsoft said it detected nearly 10,000
unique machines where Stuxnet infections were prevented.
The target of the malware is not ordinary users, but industrial
companies using Siemens’ SCADA (supervisory control and
data acquisition) software. Its appearance has given rise to
concerns about targeted attacks against the critical
infrastructure, particularly since many of the infections are
being reported in the United States. According to figures
released July 19 by ESET Virus Lab, nearly 58 percent of all
compromises are being reported in the United States. Another
30 percent were being reported in Iran, the vendor found.
“This worm is an exemplary case of a targeted attack
exploiting a zero-day vulnerability…[and targeting] the
industrial supervisory software SCADA,” said Juraj Malcho,
head of ESET’s Virus Lab, in a statement. “In short – this is
an example of malware-aided industrial espionage. The
question is why the chart of affected nations looks as it does.”

Sophisticated Stuxnet Worm Uses 4 Microsoft Zero-Day Bugs
By: Brian Prince
2010-09-14

Security researchers reveal that the Stuxnet worm
targeting industrial companies exploits four zero-day
vulnerabilities - including two that remain unpatched.
Security researchers revealed today the Stuxnet worm has
been exploiting four zero-day vulnerabilities in Windows in an
attempt to infect industrial control systems.
In the months since Stuxnet was first publicized in July, much
of the attention focused on a now-patched Microsoft
Windows bug tied to the way shortcut files are parsed on
vulnerable machines. Researchers reported today however that
the malware has actually been seen exploiting multiple zero-
day bugs, including two that Microsoft said remain unpatched.
"If I have to single something out [as the most interesting]—
which is hard in this case—then I'd go for the fact that Stuxnet
exploits four previously unknown vulnerabilities," said Roel
Schouwenberg, senior antivirus researcher at Kaspersky Lab.
"But overall, the thought which has been put into Stuxnet is
just amazing. Four zero-days, two stolen [digital] certificates,
knowing SCADA systems inside and out—it's all been very
carefully orchestrated."
In addition to the Windows shortcut bug, the worm also used a
vulnerability in Windows' Print Spooler service that was
patched today by Microsoft. Still left open, however, are two
privilege escalation vulnerabilities the malware tries to use to
gain control of infected systems.
"One of these EoP [escalation of privilege] vulnerabilities
affects Windows XP and the other affects Windows Vista,
Windows 7, Windows Server 2008 and Windows Server 2008
R2," blogged Jerry Bryant, group manager of Response
Communications at Microsoft. "These are local EoP issues,
which means that an attacker, in this case Stuxnet, already has
permission to run code on the system or has compromised the
system through some other means.
"We are currently working to address both issues in a future
bulletin," Bryant added.
First reported by security vendor VirusBlokAda, the worm
targeted Siemens' Simatic WinCC and PCS 7 software, which
run on industrial control systems.
In the months since the worm became publicly known, the
number of infected machines in India has continued to grow,
Schouwenberg said. The amount of infected machines in Iran
and Indonesia is significantly lower than earlier in the year, he
added.
According to Siemens spokesperson Michael Krampe,
Siemens has identified 15 customers that found Stuxnet on
their systems, and "each was able to detect and remove the
virus without any impact to their operations."
"Luckily, most control system operators separate their control
network from their business and public networks," noted Mike
Sconzo, senior security analyst at NetWitness. "That has been
a limiting factor in keeping the number of viable infections
down. Even though the initial infection vector was discovered
to be based on USB drives, newer information points to
Stuxnet being able to replicate via the network. Because of the
limited network connectivity and the restrictions imposed on
employees to not plug USB drives into controls systems, this
threat has not been as serious as it could have been.
"While being regarded as the first targeted attack against
industrial systems in the wild, it will likely not be the last," he
added. "Being a first effort in the target space and only going
after a limited number of system types, it has accomplished an
amazing amount."


Stuxnet worm can control industrial systems

US media outlets are reporting that the Stuxnet worm
first discovered in connection with the LNK hole has globally
infiltrated 14 Siemens industrial control systems which run the
Windows Control Center (WinCC) SCADA software, in the
US, South Korea, the UK and Iran. Stuxnet is specifically
designed to compromise systems running this software.
Researchers at Symantec say that the worm can even infect
Programmable Logic Controllers (PLCs), used on site to
control such components as pumps and valves, via the WinCC
system.
According to Symantec's analysis, Stuxnet can replace or add
individual blocks of PLC code – it apparently includes a total
of 70 (encrypted) blocks to implement new functions. The
malware even goes to the trouble of hiding its PLC
manipulations: If a WinCC user accesses the code blocks, any
blocks that were added by the worm are said to be invisible.
Symantec has, therefore, called the malware the first publicly
known rootkit for industrial control systems.
Instead of acting autonomously, however, Stuxnet allows its
creators to remotely access WinCC systems and select, as well
as manipulate, the behaviour of individual PLCs. Which
functions are implemented by the new code and whether the
code is designed to allow its operators just to monitor or, even
worse, to disrupt systems remains unclear. Symantec's blog
mentions a historic example where a "trojanised" valve
controller was reportedly manipulated to increase the pressure
in a pipeline beyond the pipeline's capacity. Even if the
operators of an industrial plant have removed the Stuxnet
worm from their WinCC systems, parts of the Programmable
Logic Controllers potentially remain affected.
When analysing the worm, the security experts also
discovered further, previously undisclosed, security holes in
Windows the worm apparently exploits to proliferate through
the network and to elevate its privileges on infected systems.
Microsoft closed one of these holes on its recent Patch
Tuesday.
The worm uses Siemens' hard-coded MS SQL database access
credentials to obtain access to the SCADA system's data.

CSWorks: web-based industrial automation


Of CSWorks and software development
Post-Stuxnet industrial automation systems
October 5, 2010 10:44 by Sergey Sorokin
Introduction
Recently, I came across an excellent paper by Symantec
engineers that sheds some light on what the infamous
W32.Stuxnet virus looks like from the inside. First off, I was
impressed. To be honest, I haven't had such interest reading
about a dissected and prepared virus since mid-nineties when I
was infatuated with assembly languages, and when viruses,
worms and trojans just started making top spots in the
newspapers. And here is why.

1. The scale of the research and development effort behind this
attack is enormous. Simatic PLC programming, Step 7
internals, WinCC database vulnerability, Windows
vulnerabilities (including two unreported exploits!), virus
control centers in the web that parasite on some soccer site,
compromised Verisign certificates issued to Realtek and
JMicron, early versions of the virus that (presumably)
conducted reconnaissance and gathered information about
target hardware and software infrastructure... I can easily
imagine big money spent on hardware and to keep busy a team
of developers for many months. I can even imagine some
black-hat hacker selling unknown Windows exploits and
stolen private keys for the compromised certificates to this
group - this type of product is marketable.

2. The determination of the aforementioned team to hit a
specific target (or a group of targets). The detail level of the
PLC part of Stuxnet gives the impression that someone with
inside knowledge of how particular Siemens SCADA
deployments work was involved. The effective use of system
vulnerabilities and user habits is a trait of a very carefully
planned action.

Anyways, after Stuxnet, the SCADA world will never be the
same. Let me share some thoughts.

Scapegoats? Anyone?
Iranian authorities have already detained several individuals
presumably connected to the Stuxnet attacks. Being a peaceful
tech person, I am absolutely not intrigued by the opportunity
to see heads on sticks. Instead, I would rather take a closer
look at the technical aspect of the story.

Siemens
By no means am I an expert in Siemens SCADA software, but
to me it looks like the WinCC database hard-coded password is
the only serious security hole provided by Siemens in the
Stuxnet case. Yes, using a hard-coded password that has been
available on the Internet for several years cannot be
considered a secure practice. But, after all, this vulnerability
was used by Stuxnet only as one of the replication vehicles.
Without this exploit, infection would spread out at a slower rate,
and that's it. As for the fact that a whole piece of Step 7
(Siemens PLC programming software) was replaced by the
virus and executed to perform some malicious actions like
tweaking PLC programs... Well, there is not too much
Siemens developers can do if a virus gets privileged access to
the system and can patch executable files in the memory and
on hard and removable drives. This takes us to the next
candidate.

Microsoft
These charges are harder to beat. According to the report,
Stuxnet "exploits a total of four unpatched Microsoft
vulnerabilities, two of which are previously mentioned
vulnerabilities for self-replication and the other two are
escalation of privilege vulnerabilities that have yet to be
disclosed." This is big. These two unreported exploits gave the
virus carte blanche to perform any memory and file
modifications on all versions of Windows. Being a long-time
Microsoft camper, I was happy to see the patch coming out on
September 15, 2010.

IT infrastructure
While googling Stuxnet, I have come across this posting.
Although the whole article is definitely worth attention, I
would like to quote a couple of excerpts.

Question: Is it enough to separate the process control
network from the business LAN? Is this realistic?
Answer: It depends on what you mean by “separate.”
Industrial security standards and guidelines do recommend
the networks be segmented by firewalls or other technology to
prevent unauthorized communications between enterprise and
control system networks. If by “separate” you mean
“completely disconnected,” this is what control system folks
mean when you hear the term “air-gapped.” In the pre-
wireless days, the term meant “no electrons can pass between
control networks and enterprise networks.”
Nowadays, very few control systems networks are completely
disconnected from enterprise networks. Most control systems
can still be run safely without enterprise network
communications, but many physical processes can no longer
be run profitably without routine, real-time enterprise
network communications. ...
Question: We have found that changing the plant engineer’s
way of thinking has been the biggest challenge with regard to
increasing security on the control side.
Answer: I agree. There are many barriers to get past on the
awareness side. Many plant engineers are focused on safety
and availability objectives and see security measures as
impairing their ability to meet those objectives. Others don’t
believe there is a threat, or don’t believe their systems are
sufficiently exposed to that threat. Many engineers simply
aren’t aware – they don’t realize that their “air gaps”
disappeared years ago.

To summarize all of the above, Stuxnet self-reproduction
abilities would be extremely limited (and we would probably
never hear of this attack) if the following conditions were met:
- all involved Windows systems must be patched for known
vulnerabilities (BID 41732, BID 43073, BID 31874);
- no public network shares;
- no removable devices (USB flash drives, CD-Rs);
- no WinCC database hard-coded password (I am not sure if
this is achievable though);
- Step 7 stations should not have access to the Internet (no
possibility to communicate to virus control centers);
- process control network (with PLCs and Step 7 stations)
must be separated from other local networks and Internet.

Moving towards more secure SCADA systems

In the post-Stuxnet world, the term "SCADA virus" was
coined by journalists and bloggers. Now, when I am
introduced to non-technical people, I may hear: "Oh, you work
with SCADA systems? You must be a virus expert!" I find
the term "SCADA virus" confusing and misleading and I tend
to avoid it, and here is why. Stuxnet affects only one type of
SCADA system and it doesn't really use SCADA for
propagation - infection through compromised WinCC
database is performed using OLE Automation stored
procedures, which is a Microsoft SQL Server feature not
related to SCADA. Siemens SCADA system just happened to
be the target of the malicious payload part of the virus, but in
theory it could be anything - a document management system
(to get access to sensitive corporate materials), a CRM system
(to borrow competitor's contacts and leads), an online game
(to steal other players' passwords).

The fact that Stuxnet is actually a "regular" virus is good
news. This means anti-virus companies don't need to invent
some special kind of defense and we can keep taking usual
precautions to avoid infection. Just take them seriously - the
stakes are a bit higher than in the stolen game password
scenario. We already have all the tools, we are aware of all good
practices - let's just apply them properly. No user software
running under super-user accounts, no removable media,
firewalls, no weak/default passwords, no security by
obscurity, controlled network access, code signing, up-to-date
operating systems - the list is long but well-known.

I would like to elaborate on the process control network
separation aspect. Process control and PLC programming
tasks can be sand-boxed using a dedicated local network. But
HMI (Human-Machine Interface) applications that read and
write from/to the controlling device require direct access to the
device in most cases; an intermediate database is not an option
due to excessive latency. I can see only one solution here:
HMI/SCADA developers must explicitly enforce production
data access restrictions using standard, well-known and
proven security solutions and practices. Every data read or
write request from HMI client stations to PLCs must be
authorized. No home-made security algorithms. No backdoors.
No plain passwords sent across the network.

Security in web-based solutions
Let's get straight to the big question: are web-based systems
more prone to cyber-attacks? Provided the server is able to
properly authenticate the user and client-server
communication channel guarantees data privacy and integrity,
the answer is "no". As an HMI/SCADA developer, do I need
to come up with some sophisticated algorithms to ensure
proper user authentication and channel security? No. The Internet
security industry is sufficiently mature to provide developers
with the corresponding technologies.

There is also a psychological aspect that influences
developer's behavior. When working on a web-based solution,
developers constantly keep in mind the fact that every
piece of data sent between client and server is (potentially)
constantly being watched by people with bad intentions. This
thought fuels their sense of alarm and, eventually, makes them
produce secure design and code.

"...only real security is a pair of wire cutters…"

I took this quote from this posting and it makes sense to me.
Together with the simple diagram on the right, it explains why
we probably will never see a 100% secure industrial automation
system. Stuxnet was a loud wake-up call for SCADA developers
and users, hopefully it will create additional motivation to
move towards the "Security" vertex of the pyramid remembering
the closing line of the Symantec paper:

"...Despite the exciting challenge in reverse engineering
Stuxnet and understanding its purpose, Stuxnet is the type of
threat we hope to never see again."

References

W32.Stuxnet Dossier, Nicolas Falliere, Liam O Murchu, and
Eric Chien, Symantec, Sep 2010
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf

SCADA Watch: Things You Probably Wish You Didn’t
Know, Paul Ferguson, Trend Micro, Jan 2008
http://blog.trendmicro.com/scada-watch-things-you-probably-wished-you-didnt-know/

Stuxnet Webinar Attendee Questions, Andrew Ginter,
Industrial Defender, Aug 2010
http://findingsfromthefield.com/?p=510


SIMATIC WinCC / SIMATIC PCS 7: Information
concerning Malware / Virus / Trojan

Summary Internet document

Some malware, a so-called Trojan, is currently circulating
which affects Microsoft Windows PCs with WinCC and PCS
7. The malware spreads via mobile data carriers, for example
USB sticks, and networks. The Trojan is activated solely by
viewing the contents of the USB stick.

You will be receiving information here on the latest
developments and the measures recommended by Siemens.

Important links:

Tool to detect and remove virus
SIMATIC Security Update (updated 18th August 2010)
Recommended procedure
Microsoft Security Patch
Further information
SIMOTION
SINUMERIK

Product information from October 21, 2010:

Manufacturers of virus scan software have reported massive
Stuxnet infections in some countries, with no distinction being
made as to whether office PCs or industrial systems are
affected. In none of the cases known to Siemens from the
industrial environment was a plant's control system affected.

In the three months since Stuxnet appeared for the first time, a
total of 19 Siemens customers worldwide from an industrial
environment have reported an infection with the Trojan (as of
October 21, 2010).

In all cases Stuxnet exploited security gaps in Windows-based
operating systems. The virus could be removed in every case
without any adverse effects on plant processes. In none of the
cases did Stuxnet influence control software or even attempt to
do so.

This behavior corresponds to the insights gained from the
analysis that Siemens carried out on the virus. Stuxnet
searches systematically for a very specific plant configuration.
If it does not find such a configuration, the virus is not
activated.

Product Information dated October 01, 2010:

Latest news on the infected computers:

To date, we know of 15 systems infected worldwide. In all
cases the malware could be removed. In none of these cases
did the infection cause an adverse impact to the automation
system. Since the end of August no new infections were
registered.

Recommended procedure for detecting and removing
"stuxnet" (updated August 04, 2010)

We recommend examining the following computer types:

Embedded systems (e.g. Microbox)
Other computers
Infrastructure computers (file servers, domain controllers,
other servers...)
Computers with and without WinCC installed
Virtual machines (e.g. VMWARE installations)

The individual activities should be carried out based on the
following procedure:

Important note:
ZIP files have to be stored as backup in advance.

A) Embedded systems:
These systems must be scanned from a second computer (not
an embedded system) via approved drives.

Update second computer like "Other computers" to avoid
mutual infection;
Connect the drives of the embedded system to the second
computer;
Open Windows Explorer on the second computer => Select
Connected network drives with a right-click => Initiate the
virus scan accordingly.

B) Other computers:

Determine whether your Microsoft Windows computer is
affected by the virus:
Use the Sysclean virus scan tool or the anti-virus programs
approved by Siemens from TrendMicro, McAfee or Symantec
with the patterns from July 25, 2010 or more recent

If a virus has been detected, please proceed as follows:


If your computer is infected, ensure that you inform your
Siemens Customer Support contact.
Together with the Siemens Customer Support, check the next
steps for your computer installation and/or plant:

Install the Microsoft Patch
Disconnect the computer from network immediately
Create a power user, but remain logged in with administrator
rights to execute the tool SYSCLEAN and the SIMATIC
Security Update.
Clean the computer with "Sysclean" with the "Automatically
Clean Infected Files" function activated

Install the Simatic Security Update
From this moment the computer must no longer be used with
administrator rights
Reboot the computer.
Log in as power user
Carry out another virus scan with your installed virus scanner
and leave the virus scanner to run permanently.
Restore the computer back to the network.

The following precautionary measures still apply:

All contacts with the outside world (customer data, USB
devices, others) must be tested and cleaned.
Do not use, if possible, any third-party USB sticks and/or
mobile data carriers.
Always check your safety concepts, e.g. deactivate/uninstall
services that are not required.
It's recommended to install the Microsoft Patch for those
operating systems that are stated by Microsoft.

Product Information dated September 17, 2010:

Analysis of virus and status of investigations

The virus has been isolated on a test system in order to carry
out more extensive investigations. Previously analyzed
properties and the behavior of the virus in the software
environment of the test system suggest that we are not dealing
with the random development of one hacker, but with the
product of a team of experts who must have IT expertise as
well as specific know-how about industrial controls, their
deployment in industrial production processes and
corresponding engineering knowledge.
As far as we know at the moment, industrial controls from
Siemens are affected. The Trojan is activated whenever
WinCC or PCS7 software from Siemens is installed.
Further investigations have shown that the virus can
theoretically influence specific processes and operations in a
very specific automation environment or plant configuration in
addition to passing on data. This means that the malware is
able, under certain boundary conditions, to influence the
processing of operations in the control system. However, this
behavior has not yet been verified in tests or in practice.
The behavioral pattern of Stuxnet suggests that the virus is
apparently only activated in plants with a specific
configuration. It deliberately searches for a certain technical
constellation with certain modules and certain program
patterns which apply to a specific production process. This
pattern can, for example, be localized by one specific data
block and two code blocks.
This means that Stuxnet is obviously targeting a specific
process or a plant and not a particular brand or process
technology and not the majority of industrial applications.
This conclusion also coincides with the number of cases
known to Siemens where the virus was detected but had not
been activated, and could be removed without any damage
being done up to now. This kind of specific plant was not
among the cases that we know about.

How is it possible to say whether an automation system
corresponds to the specific program pattern, and what
counter-measures are recommended?
The malware carries its own blocks (for example, DB890,
FC1865,1874) and tries to load them into the CPU and
integrate them into the program sequence. If the above-
mentioned blocks are already present, the malware does not
infiltrate the user program.
If the above-mentioned blocks were not present in the original
program and are now detected, the virus has infected the
system. In this case Siemens urgently recommends restoring
the plant control system to its original state.
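
The block check described above can be automated by comparing the current block inventory with a known-good project baseline. The Python code below is an added example, not Siemens code: the one-block-per-line export format is an assumption, as is reading "FC1865,1874" as FC1865 and FC1874. Because the worm is reported to hide the blocks it adds from a user on an infected WinCC system, the current inventory is assumed to come from a clean engineering station.

```python
import re

# Block names the advisory gives as examples of blocks the malware carries.
# Assumption: "FC1865,1874" in the advisory means FC1865 and FC1874.
INDICATOR_BLOCKS = frozenset({"DB890", "FC1865", "FC1874"})

# Accepts "FC1865", "fc 1865", "DB0890 ; comment"; rejects "DB890x".
_BLOCK_RE = re.compile(r"^\s*(OB|FB|FC|DB|SFB|SFC)\s*(\d+)\b", re.IGNORECASE)


def parse_inventory(text):
    """Return (blocks, unparsed_lines) from a one-block-per-line export."""
    blocks, unparsed = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        match = _BLOCK_RE.match(line)
        if match:
            # Normalise to upper-case type plus number without leading zeros.
            blocks.add(f"{match.group(1).upper()}{int(match.group(2))}")
        else:
            unparsed.append(line)            # never silently drop a line
    return blocks, unparsed


def _ordered(names):
    """Sort block names by type, then numerically."""
    def key(name):
        m = re.match(r"([A-Z]+)(\d+)$", name)
        return (m.group(1), int(m.group(2)))
    return sorted(names, key=key)


def compare_inventories(baseline_text, current_text):
    """Apply the advisory's rule: indicator blocks that are present now but
    were not in the original program mean the control program was modified."""
    baseline, bad_base = parse_inventory(baseline_text)
    current, bad_cur = parse_inventory(current_text)
    added = current - baseline
    report = {
        "new_indicator_blocks": _ordered(added & INDICATOR_BLOCKS),
        # Same names already in the original program: per the advisory the
        # malware does not infiltrate in that case, so this is not a finding.
        "preexisting_indicator_blocks": _ordered(
            baseline & current & INDICATOR_BLOCKS),
        "other_new_blocks": _ordered(added - INDICATOR_BLOCKS),
        "missing_blocks": _ordered(baseline - current),
        "unparsed_lines": bad_base + bad_cur,
    }
    if report["new_indicator_blocks"]:
        report["verdict"] = "restore"        # restore the original program
    elif (report["other_new_blocks"] or report["missing_blocks"]
          or report["unparsed_lines"]):
        report["verdict"] = "review"         # drift that needs explaining
    else:
        report["verdict"] = "match"
    return report


# Constructed sample inventories (not taken from any real plant).
SAMPLE_BASELINE = """\
# constructed baseline export
OB1
OB35
FC 100
FB 41
DB 10
"""

SAMPLE_CURRENT = """\
# constructed current export
OB1
OB35
FC 100
FB 41
DB 10
DB890
fc 1865 ; not in project documentation
FC1874
FC0200
"""

if __name__ == "__main__":
    for field, value in compare_inventories(SAMPLE_BASELINE,
                                            SAMPLE_CURRENT).items():
        print(f"{field}: {value}")
```

A "review" verdict covers any other difference from the baseline, including lines the parser could not read, so a malformed export is never reported as a match.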

Is the current Microsoft Patch compatible with SIMATIC
Software

The current Microsoft Patch KB2347290 was successfully
tested with SIMATIC WinCC and SIMATIC PCS 7.
http://support.automation.siemens.com/WW/view/en/18490004
http://support.automation.siemens.com/WW/view/en/18752994

Product Information dated September 07, 2010:

Latest news on the infected computers:


To date, we know of 15 systems infected worldwide. In none
of these cases did the infection cause an adverse impact to the
automation system.

Product Information dated August 24, 2010:

Latest news on the infected computers:


To date, we know of 12 systems infected worldwide. In none
of these cases did the infection cause an adverse impact to the
automation system.

Product Information dated August 13, 2010:


We continue to recommend to customers that they utilize the
Siemens-approved virus scanner and make sure that they have
sufficient IT security standards in place (e.g. network security,
no active USB connections in the production environment,
etc.). Operating systems must be checked continuously to
ensure that they are up-to-date.

To the best of our knowledge right now, the malware is active
only when very specific project structures in the automation
system are present.

To date, we know of nine systems infected worldwide. In none
of these cases did the infection cause an adverse impact to the
automation system.

Product Information dated August 03, 2010:

Important note on the Microsoft Patch


The Microsoft Patch only prevents the trojan from being
installed automatically on the system. If a user with admin
rights opens an infected LNK file by mouse click on a
computer on which the Microsoft Patch is installed, the
computer will become infected if no virus scanner has been
installed. To avoid such an infection, it is strongly
recommended that users only log in with power user rights.
Power users do not have the necessary permissions to start
code from another drive. For additional security use an
approved virus scanner.

Latest news on the infected computers:


Currently we are aware of a total of five customer cases
worldwide. A production plant has so far not been affected.

Product Information dated August 02, 2010:

Microsoft Patch available for closing the Microsoft security
breach:
Link to Microsoft Security Patch

Latest news on the infected computers:


Currently we are aware of a total of four customer cases
worldwide. A production plant has so far not been affected.

Product Information dated July 29, 2010:

Latest news on the infected computers:


Currently we are aware of a total of four customer cases
worldwide. A production plant has so far not been affected.

Product Information dated July 28, 2010:

Latest news on the infected computers:


Currently we are only aware of the two customer cases
worldwide mentioned on July 23, 2010. A production plant
has so far not been affected.

Product Information dated July 27, 2010:

Recommended procedure
Please find the updated, recommended procedure on top of
this entry.

Latest news on the infected computers:


Currently we are aware of the two customer cases worldwide
mentioned on July 23, 2010. A production plant has so far not
been infected.
Product Information dated July 26, 2010:

Latest news on the infected computers:


Currently we are only aware of the two customer cases
worldwide mentioned on July 23, 2010. A production plant
has so far not been affected.

Latest news on the virus tests:


We will inform you here as soon as we receive any new
information.

Product information dated July 23, 2010:

Recommendation
If your computer has been infected, please make sure that you
inform your Siemens Customer Support contact.

Tool for detecting and removing virus:


It is important that you always load the latest version of the
signature file from TrendMicro. The Product Information
dated July 22, 2010 continues to provide a link for
downloading the Sysclean tool from TrendMicro for detecting
and removing the virus.

We have given the download a checksum to ensure that the
downloaded file matches the original.
New Version of SIMATIC Security Update available
The SIMATIC Security Update has been updated and can now
be used for computers which do not have Simatic software
installed. The latest version is available for downloading in the
Product Information dated July 22, 2010.

We have given the download a checksum to ensure that the
downloaded file matches the original.

Latest news on the infected computers


Currently we know of two cases worldwide where a WinCC
computer has been infected. A production plant has so far not
been affected.

Latest news on the virus tests


The virus can spread via mobile data carriers such as USB
sticks and through networks.
We are continuing to investigate the behavior of the virus.

Foreign-language version of this site in preparation


These internet sites will soon be available in Chinese, French,
Italian and Spanish, in addition to German and English.

The following precautionary measures continue to apply:


• Do not use any USB sticks or any other mobile data carriers.
• Always check your security concepts: deactivate/uninstall
services that are no longer required, especially the connections
to the internet.
• Do not set up any online connection with automation devices
from an infected engineering computer even after the malware
has been removed. We will be informing you what to do with
the engineering computer in such circumstances after further
tests.

Product Information July 22, 2010:

Tool now available to detect and remove virus


Sysclean, the publicized tool from TrendMicro for detecting
and removing the virus, is available for downloading. You can
now find out easily whether your computer has been infected
by the virus.
If your computer is infected, please inform your Siemens
Customer Support contact accordingly. As each plant is
individually configured, we cannot rule out the possibility that
removing the virus may affect your plant in some way.
Link for downloading Sysclean:
sysclean.zip ( 4608 KB ) checksum ( 739 bytes )

Note: Please observe the installation and usage instructions

After starting Sysclean this message is displayed:

Download the latest signature file from Trend Micro and unpack
this file into the folder "sysclean":
http://www.trendmicro.com/download/viruspattern.asp
Updating the virus patterns
Please make sure you keep the approved virus scanners up to
date (TrendMicro, McAfee, Symantec). There are currently
some new derivative versions of the original virus around.

SIMATIC Security Update available


Notes on the SIMATIC Security Update:

Please observe the installation and usage instructions - e.g.:


"...If you perform the update according to the Microsoft
Security Advisory "2286198", then the icons will be replaced
with standard Windows icons. Make sure that you assign
meaningful names to your desktop links and those in the
Windows Start menu to easily recognize them later. After a
Microsoft Security Update has been made available you will
receive another SIMATIC Security Update to restore the
icons....."
The SIMATIC Security Update checks whether the Microsoft
Security Patch has been installed:
• Microsoft Patch is installed => Microsoft Patch
functionality "Delete icons" is reversed.
• Microsoft Patch is not installed => Icon protection is
activated.
Link for downloading (updated 18th August 2010, V1.0.0.11)

SIMATIC_Security_Update_V1_0_0_11.exe ( 2258 KB )
checksum ( 756 bytes )

Our recommendations continue to apply:


• Do not use any USB sticks or any other mobile data carriers.
• Always check your security concepts: deactivate/uninstall
services that are no longer required, especially the connections
to the internet.
• Do not set up any online connection with automation devices
from an infected engineering computer even after the malware
has been removed. We will be informing you what to do with
the engineering computer in such circumstances after further
tests.

Latest information on investigating the virus


We are carrying out intensive investigations on the behavior of
the virus. So far we have no indication that the virus is
affecting plant control systems.

Latest news on the infected computers


Currently there is still only one known case where a
customer's WinCC computer has been infected. The virus
infiltrated a purely engineering environment of a system
integrator, but was quickly eliminated. A production plant has
not been affected so far.

Product Information July 21, 2010:

Basic General Questions

Question: What is the Stuxnet Trojan/virus and what can it do?
Answer: It is software that is spread via a USB stick and uses
a security breach in Microsoft Windows. The virus affects
operating systems from XP and higher.
The software/malware detects SIMATIC WinCC and PCS 7
programs from Siemens and their data. It may also contact and
communicate with certain websites/servers.
Siemens has now established through their own tests that the
virus
• is capable of sending process or production data.
• tries to set up a connection via the internet. Tests have
revealed that this connection is not completed because the
communication partners/target servers are apparently inactive.
As part of our analysis, we are checking to see whether the
virus is able to
• send or delete system data, or
• change system files.

Question: What platforms are affected/may be affected?
Answer: Based on current information, the only platforms that
may be affected are those where access to data or the
operating system is possible via a USB interface.
Normally every plant operator ensures, as part of his security
concept, that non-restricted access to critical SCADA system
data via a USB interface is not possible. Additional protective
devices like firewalls and virus scanners can also prevent
Trojans / viruses from infiltrating the system.

Question: Has the virus already caused any damage?
Answer: There is only one known case of infection in Germany.
We are, at present, trying to find out whether the virus
caused any damage.

Question: Where does the virus come from?
Answer: This is currently being investigated.

Question: Why is the virus attacking only Siemens applications
or are the software products of other suppliers also affected?
Answer: As far as we know, only Siemens is affected. The Trojan
is activated whenever WinCC or PCS 7 software is installed.

Question: How is Siemens helping the affected customers?
Answer: Microsoft will be offering an update (patch) as soon as
possible that will close the security breach at the USB
interface.
Suppliers of virus scanners have prepared up-to-date virus
signatures that are being tested by Siemens and should be
approved for use by Thursday, July 21, 2010 at the latest. The
virus scanners will be able to help to detect and eliminate the
virus.
Siemens will also be providing a software tool during this
week that customers can use to check a Windows PC to see if
it has been infected by the virus. The tool will be distributed
through the Siemens Advisory:
English:
.../en/43876783
German:
.../de/43876783
Siemens will also be providing a SIMATIC Security Update
with all the necessary functions.

Question: What immediate action would you advise customers to
take?
Answer:
• Do not use any USB sticks.
• Install the updates as soon as they become available.

Question: When will there be an official Siemens Advisory?
Answer: The Siemens Advisory already exists:
English:
.../en/43876783
German:
.../de/43876783
These sites will be updated on a daily basis to include the
latest developments.

Specific Questions

Question: Which mechanism for authentication is used by WinCC?
Answer: The user login and the password for WinCC are freely
definable and have nothing to do with access to the internal
database.
The internal system authentication from WinCC to the
Microsoft SQL database is based on pre-defined access data.
This data is not visible for the customer and is used as an
internal system mechanism for communication between the
WinCC system components and the database. Changing the
access data would impede communication between WinCC
and the database and is therefore not recommended.
Tightening up authentication procedures is being examined.

In our system manuals "Security Concept PCS 7 and WinCC",
which represent our recommendations to our customers, we
indicate very clearly how to enhance the security of these
systems.
One point, for example, is to deactivate/uninstall any services
that are not required:

.../en/38616083/133300

Whitepaper:
Security Concept PCS 7 and WinCC Basic Document, Section
6.3. This helps the customer to set up a secure environment via
virus scanners, firewalls and other measures recommended by
us.

Question: Do you know who built the malware, how long it has
been out there?
Answer: This is being investigated and will be pursued to the
full extent of the law.

Question: Have there been any previous incidents like this,
where malware was built that actually targeted your systems
and infected your customers? Or is this the first time?
Answer: To our knowledge it is the first incident of a Trojan
attending a Siemens SCADA system.

Product Information July 19, 2010:

Information is being spread over the Internet about a new
malware (trojan) which affects the visualization system
WinCC SCADA. This malware is distributed via USB sticks.
Just viewing the content of a USB stick could enable this
trojan.

We are currently performing a detailed analysis of the
malware, together with experts from the security community,
to determine how this relates to the WinCC software. Our
specialists are working on a solution and we will continue to
provide you with updates as additional information becomes
available.

Entry ID:43876783 Date:2010-10-21


Virus alert

Crisplant recommends customers who have Siemens Simatic
Step 7 and/or Siemens WinCC software installed to take
preventative measures to protect their systems.
Crisplant Hotline has taken the necessary measures to virus
protect our Remote Logon Systems and thereby also Crisplant
customers’ systems from being virus infected while Crisplant
Hotline support is performed by Crisplant Hotline logon.
Crisplant will continue to monitor the threat level on a daily
basis. We are not currently aware of any system delivered by
Crisplant which has been infected with Stuxnet, however
Crisplant is fully aware of the potential threat towards our
customers’ systems.
About Stuxnet trojan
The Stuxnet virus has attacked industrial systems around the
world. These systems have all been equipped with Siemens
Simatic Step 7 and/or WinCC software.
• Step 7 is used by engineers to create and configure
software for Siemens' programmable controllers (PLC)
that operate in factories and manufacturing processes
• WinCC visualization software monitors automated
processes. It is a supervisory control and data acquisition
(SCADA) and human-machine interface (HMI) system
Stuxnet could infect Microsoft Windows computers
where Simatic Step 7 or WinCC software is installed, and
from these it infects the Siemens PLC via the PLC code.
How to protect your system
Crisplant recommends customers who have Siemens Simatic
Step 7 and/or WinCC software installed to take preventative
measures to protect their systems. Updated virus protection
software must be installed on computers used for Siemens
Simatic Step 7 and/or WinCC software.
Crisplant Hotline engineers are instructed in virus awareness
and how to protect against the virus. Crisplant Hotline’s
sophisticated Remote Logon Systems are protected by using
antivirus systems to catch and remove any infection.
Crisplant Hotline Remote Logon access will only take place
using Crisplant Access Control System (CACS), a virtual
computer environment where Crisplant constantly runs
updated anti virus software. CACS is updated on an ongoing
basis using the latest Microsoft Windows security patches.

China and India tensions likeliest Stuxnet culprit


Or a misfire
11 Oct 2010 14:57 | by Andrea Petrou | posted in Security


A cyber security expert familiar with the matter has told us
Stuxnet likely originated from ongoing tensions between India
and China.

The W32/Stuxnet-B worm, which has caused major problems
in Iran and has been found on Siemens SCADA systems, is
spread via USB sticks, networked file-sharing PCs or CDs. It
takes advantage of a flaw in Windows Shell to attack the PCs
running Siemens' WinCC software.

Viewing the contents of the USB stick triggers the worm,
which has mainly been used to steal information rather than
damage systems themselves.

As it had impacted the Bushehr nuclear power plant in Iran, it
was thought Iran could have been the intended target. Israel
had emerged as the prime suspect.

Security experts familiar with government security have told
TechEye that a very likely source is China, which could have
developed the worm in a bid to breach the systems of its
neighbour, India.
Along with Indonesia and Iran, India has had the highest number
of infections from Stuxnet. India and Iran had about 60,000
and 13,000 Stuxnet infections respectively until late
September. Indonesia was at the third position with over 6,000
infections.

"It's no secret that India sees China as a threat and of course
China isn't a stranger when it comes to cyber threats. One
reason why we think China could be behind the attack is
because India had the highest number of infections from
Stuxnet while Iran and Indonesia had less," a security expert
told us.

"It is known the two countries are at a cyber war with each
other and the fact that India was hit the most suggests China
could have been behind this."

India has plenty of cybersecurity staff working on "defence".


India is of course not green about possible cyber attacks.
In August the country began to round up software
professionals for the sole purpose of intelligence gathering and
defence against attack from both friendly and hostile nations.
Our source also told us the attack could have been a misfire
from the US or Israel.

"It's possible that India happened to get caught in the
crossfire," he said.

He also pointed out that only PCs using a specific Siemens
software were infected, which are used by many Indian
government agencies.
Read more: http://www.techeye.net/security/china-and-india-tensions-likeliest-stuxnet-culprit#ixzz14A4MGx6W

Stuxnet Worm Responsible for Destroying Indian Satellite


According to a US-based security researcher, Jeffrey Carr, the
Siemens-targeting Stuxnet worm created by Israel's military
was also behind the destruction of an Indian broadcasting
satellite, as reported by securecomputing in the first week of
October 2010.
He stated that there are even more and better theories to
explain Stuxnet's motivation than just Iran and Israel, as
others have speculated recently.
While Stuxnet had made its way to Iran's first nuclear
power plant, Carr stated that the Indian Space Research
Organization (ISRO), which utilized the flawed Siemens
devices, had also fallen prey to the Stuxnet worm.
Around half of the transponders on the Indian satellite
INSAT-4B shut down suddenly because of a solar panel failure
on 9 July 2010.
Carr further states that the Siemens software used in
ISRO's Liquid Propulsion Systems Centre is S7-400 PLC and
SIMATIC WinCC, both of which would trigger the Stuxnet
worm.
Commenting on his own findings, Carr stated that he believes
China is more likely to be responsible for Stuxnet than any
other nation, as reported by Times of India on October 11,
2010. He added that he would furnish more details at the
forthcoming NASSCOM DSCI Security Conclave in Chennai
in December 2010.
On the other hand, ISRO completely denied Carr's theory, and
its officials stated that the computer worm only attacked a
satellite's program logic controller (PLC). A PLC's main task
is to control the complete "logic of the spacecraft".
According to a source, their team can prove that INSAT-4B
doesn't include a PLC. Hence, the possibility of the Stuxnet
worm targeting the satellite appears low. Instead of a PLC,
INSAT-4B had its own self-designed software which controlled
the entire logic of the spacecraft, as reported by The Economic
Times on October 12, 2010.
The Stuxnet worm was first revealed in June 2010, a month
prior to the unexpected power failure at the INSAT-4B that
led to its breakdown. Since then there have been numerous
theories about the origin of the Stuxnet worm, which has
caused extensive destruction around the world, especially in
Indonesia, Iran, and India.
» SPAMfighter News - 15-10-2010

Stuxnet is beyond imagination. Bloggers claim its targets are beyond process, power and nuclear pla
systems are also being used in Space as well as Traffic control systems like railways. If you have seen D
can have your imagination rolling! Now its clear why hackers targeted Siemens systems. But still I ha
One of the blogs claim it could have even attacked India’s INSAT-4B satellite. Jeffery Carr on his blog s
2010, a power glitch in the solar panels of India’s INSAT-4B satellite resulted in 12 of its 24 transpon
down. As a result, an estimated 70% of India’s Direct-To-Home (DTH) companies’ customers were wi
India’s DTH operators include Sun TV and state-run Doordarshan and data services of Tata V
What does this have to do with the Stuxnet worm that’s infected thousands of systems, mostly in In
India’s Space Research Organization is a Siemens customer. According to the resumes of two former
worked at the ISRO’s Liquid Propulsion Systems Centre, the Siemens software in use is Siemens S7-
SIMATIC WinCC, both of which will activate the Stuxnet worm.”
The blogger has indicated that the PLC’s were used in Liquid Propulsion Systems Centre. Might be that t
used as safety systems for gas handling. Whether these PLC’s were used to control satellites is a re
And there has been lot of talk about SIL. SIL only represents reliability of the system and not s
What is a SIL? (ref: http://www.dyadem.com/services/additional-engineering-services/s
A SIL is a statistical representation of the reliability of the SIS when a process demand occurs. It is
ANSI/ISA-S84.01 and IEC 61508 to measure the reliability of SIS. Both ISA and IEC have agreed that
categories: SILs 1, 2 and 3. IEC also includes an additional level, SIL 4, that ISA does not. The higher
more reliable or effective the system is.
SILs are correlated to the probability of failure of demand (PFD), which is equivalent to the unavailabilit
the time of a process demand.
There has also a lot of SIL4 discussed on these blogs.
What is SIL 4? (ref: http://www.gmigasandflame.com/sil_faqs.html#SIL4)
SIL 4 is the highest level of risk reduction that can be obtained through a Safety Instrumented System.
process industry this is not a realistic level and currently there are few, if any, products / systems tha
safety integrity level.
SIL 4 systems are typically so complex and costly that they are not economically beneficial to implemen
a process includes so much risk that a SIL 4 system is required to bring it to a safe state, then fundame
problem in the process design which needs to be addressed by a process change or other non-instrum
Quotes a Safety Systems professional “To attain SIL 4 the system has to be non micro processor based
secure. It is true that it is more secure as there is no software involved. However practically SIL4 a
currently”
This discussion on Siemens website supports it
(http://www.automation.siemens.com/WW/forum/guests/PostShow.aspx?PageIndex=1&PostID=181715
However there has been some work on SIL using Linux (Ref: SIL4LINUX). And some claims on Software
4 (www.firmafrance.com/Documents_Produits/Produit3396.pdf)
To conclude the SIL standards really do not ensure how secure the system should be from hacking
One more question! How come Windows in Iran. Noted this on Microsoft’s Website
(http://www.microsoft.com/exporting/faq.htm)
Are there certain countries you cannot ship Microsoft products to?
Yes. In general, Microsoft products may not be exported to Cuba, Iran, North Korea, Sudan, o
For automation professionals who would like to know more on the infection process read Symantec’s Ex
PLC Infection Process

Stuxnet – The Stuxnet – The New Generation Control Sys
Computer Worm
ON OCTOBER 6TH, 2010

Stuxnet is a Windows-specific computer worm first discovered in June 2010 by VirusBlokAda, a securi
Belarus. It is the first discovered worm that spies on and reprograms industrial systems. It was specifi
attack Supervisory Control And Data Acquisition (SCADA) systems used to control and monitor i
processes. Stuxnet includes the capability to reprogram the programmable logic controllers (PLCs) and h
(Ref: Wikipedia)
It is the first-ever computer worm to include a PLC rootkit. It is also believed to be the first worm to
industrial infrastructure. Furthermore the worm’s probable target has been said to have been high value
in Iran using Siemens control systems. It has also been said that the infestation by this worm might ha
start up of Iran’s Bushehr nuclear power plant. (Ref: Wikipedia)
As of end September 2010 the virus has widely affected Iran, Indonesia and India (Source: Stuxne
Microscope)
(Image Source: Stuxnet Under the Microscope)
A high volume of detections in a single region may mean that it is the major target of attackers. How
targets may exist, and the promiscuous nature of the infective mechanism is likely to targeting
With its ability to attack industrial control systems, Stuxnet is the first computer virus that causes re
This also calls for nations to strengthen their Cyber Security. And soon cyber security will become a mu
industry, multiple times its current volume. I feel the control systems should move back to proprieta
systems. Gone are the days when these systems were designed and considered to be more secure. Wit
getting more open day by day with insecure implementation of Microsoft dominated OPC (OLE for Proce
integration with upper level solutions like ERP the probability of risk is even higher. The strength of t
strong as the weakest link. With new versions of Windows coming up there has been no increased sec
solution may be to design Windows operating systems catering to automation platforms.
While it is being claimed that there is remedy for Stuxnet, we really need to wait and see if it is yet to u
worm has been discovered for Siemens systems and if it is true that it is a nation state sponsored pro
many to come targeting all platforms taking a nation’s defense and economy to its contro


© Advanced Plant Solutions - Your guide to Industrial Automation Disclaimer: The contents of this website are based o
public from sources believed to be reliable. No representation is made that it is timely, accurate or complete. B
