Stuxnet
The bug exposed by Billy Rios means anyone can hack into the infrastructure-controlling systems (Reuters)

Siemens has lied to the press about security bugs that could affect critical infrastructure, according to a security expert who has made public the password for Siemens' machinery.

Billy Rios is a security engineer for a software company and has written on his personal blog that Siemens' SIMATIC systems can be easily hacked into and controlled remotely by anyone with an internet connection.

Rios claims that Siemens PR told a Reuters reporter that "there are no open issues regarding authentication bypass bugs at Siemens," contrary to what Rios believes.

"In May of this year," he writes, "I reported an authentication bypass for Siemens SIMATIC systems. These systems are used to manage Industrial Control Systems and Critical Infrastructure. I've been patiently waiting for a fix for the issue which affects pretty much every Siemens SIMATIC customer."

The security engineer then went on to disclose the username and password for Siemens SIMATIC systems and added that "If a user changes their password to a new password that includes a special character, the password may automatically be reset to '100'. Yes, you read that correctly..."

Siemens SIMATIC systems were recently compromised by the famous Stuxnet virus, which was able to embed itself into Siemens' computer systems.

Stuxnet is the most sophisticated computer virus known to man. Discovered in June 2010, the virus spreads via a backdoor exploit in Microsoft Windows and targets industrial software made by Siemens in an attempt to sabotage uranium enrichment facilities.

In an interview with the Sunday Times earlier this month, Ralph Langner, the analyst who deciphered Stuxnet, said: "Everybody is going crazy about the offensive capabilities and opportunities it [Stuxnet] gives you. What people don't realise is how easy such attacks are, and that you don't need the resources of a nation state to pull them off."

Rios went on to explain that the session cookie returned by SIMATIC when a user logs in appears secure, but he found that almost the same cookie is returned every time a user logs in. He added that, once decoded, the values of the cookies are "totally predictable".
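A defender's check for the weakness described above, as an added example that is not taken from Rios's post or from Siemens code: it measures how much a sample of session cookies issued to one test account actually varies between logins, and shows issuance from a CSPRNG for comparison. The base64url encoding, the cookie layout and the 0.5 threshold are assumptions, and the sample values are constructed.

```python
import base64
import math
import secrets
from collections import Counter


def decode(token: str) -> bytes:
    """Base64url-decode a cookie value (assumed encoding; the article names none)."""
    return base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))


def variability(tokens: list[str]) -> float:
    """Observed per-byte Shannon entropy across the sample, as a fraction of
    the maximum a sample of this size could show (1.0 = every byte differs)."""
    raw = [decode(t) for t in tokens]
    if len(raw) < 2 or len({len(r) for r in raw}) != 1:
        raise ValueError("need at least two tokens of equal decoded length")
    n = len(raw)
    observed = 0.0
    for column in zip(*raw):  # one column per byte position
        counts = Counter(column)
        observed -= sum(c / n * math.log2(c / n) for c in counts.values())
    return observed / (len(raw[0]) * math.log2(n))


def is_predictable(tokens: list[str], threshold: float = 0.5) -> bool:
    """Flag a sample whose tokens are mostly identical from login to login."""
    return variability(tokens) < threshold


def issue_session_token() -> str:
    """What a session ID should be: 256 bits from the OS CSPRNG, no user data."""
    return secrets.token_urlsafe(32)


# Constructed sample: eight logins where only a trailing counter changes.
WEAK_SAMPLE = [
    base64.urlsafe_b64encode(f"user=demo;seq={1000 + i}".encode()).decode()
    for i in range(8)
]

if __name__ == "__main__":
    strong = [issue_session_token() for _ in range(8)]
    print(f"weak   variability={variability(WEAK_SAMPLE):.3f} "
          f"predictable={is_predictable(WEAK_SAMPLE)}")
    print(f"strong variability={variability(strong):.3f} "
          f"predictable={is_predictable(strong)}")
```

A low score proves the tokens are weak, but a high score on a small sample does not prove they are strong; it only rules out the near-constant cookie the article describes.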

Microsoft describes a cookie as a small file "that websites put on your computer hard disk when you first visit...an identification card that's uniquely yours." Cookies notify the site when you return to it, and send it information so that it knows how often you visit and how long you stay on the page.

Rios continued: "For those non-techies reading this... what can someone do with this non-existent bug? They can use this to gain remote access to a SIMATIC HMI which runs various control systems and critical infrastructure around the world... aka they can take over a control system without knowing the username or password. No need to worry though, as there are 'no open issues regarding authentication bypass bugs at Siemens.'"

The engineer concluded: "Next time, Siemens should think twice before lying to the press about security bugs that could affect the critical infrastructure....to everyone else, Merry Christmas".