
The Swiss manufacturer Saia-Burgess has published a firmware update for its industrial controllers [1] that finally fixes the vulnerability in the authentication of the remote maintenance access documented by heise Security [2], more than half a year after we informed the company of the problem. Even after installing the fixed firmware version, however, it remains reckless to make these systems directly accessible via the Internet.

The control system of a Hessian prison that we tracked down could have been taken over via the Internet.

Industrial controllers from Saia-Burgess apparently enjoy great popularity: they switch and regulate equipment in data centers, waterworks, prisons and even churches. According to the manufacturer, more than 200,000 of these network-connected controllers are in use worldwide. As c't and heise Security reported in May [3], such controllers are, however, often carelessly connected directly to the Internet. Anyone can therefore probe these sometimes safety-critical systems remotely for vulnerabilities. The Saia-Burgess controllers contain just such a gap, with fatal consequences: an unauthorized person on the Internet could easily take control.

Controller firmware version 1.22 [4] is now meant to prevent this. The manufacturer promises that after the update the admin password of the system can no longer be read remotely in plain text. In addition, authentication for the web interface now takes place inside the controller instead of, as before, in a Java applet running on the computer of whoever wants to gain access.

Saia-Burgess has also made a few further changes for the benefit of security: on delivery, the web server and the FTP and SSH access are no longer always reachable with a default account, but are simply disabled. In addition, the faulty code-signing certificates have been replaced, so it is no longer necessary to lower the Java security level on the client in order to access the controllers.

Although Saia-Burgess has eliminated some fundamental flaws in the security concept of its industrial controllers, one should refrain as far as possible from making the systems directly accessible via the Internet. The small embedded computers in control systems have little to set against attacks from the Internet. This applies not only to the Saia-Burgess controllers but to all of them. There is only one sound way to perform remote maintenance of industrial installations via the Internet: the consistent use of encrypted VPN tunnels and, beyond that, the strict separation of the normal company network from the plant network.

This step is now also being taken by the heating manufacturer Vaillant, whose networked EcoPower heating systems [5] are also affected by the vulnerability in the Saia controllers [6]. Vaillant has recently begun retrofitting the heating systems equipped with a Saia controller with a VPN box free of charge, a month later than announced. In addition, the Vaillant heating technicians install the fixed firmware version 2.05, which incorporates the changes made by Saia-Burgess. For the approximately 1,500 customers affected by these measures, Vaillant has set up a hotline at 0800-9999-3000, which is reachable for further information on weekdays from 8 to 18 o'clock.

See also:

  • Vaillant heating systems with security leak [7]
  • Critical vulnerability in hundreds of industrial plants [8]
  • Federal government needs to expose insecure industrial plants [9]
  • Vulnerable industrial equipment: remote-controlled house of God [10]

(Louis F Steel) / (rei [11])