SIMATIC WinCC / SIMATIC PCS 7: Information about Malware / Viruses / Trojan horses
Here we provide information about the latest developments and the measures recommended by Siemens for handling Stuxnet.
- Current status of infected computers
- Recommended procedure to identify and remove a Stuxnet infection
- Further technical information
|Updated|Current status of infected computers|
|11.03.2011|To date, a total of 24 Siemens customers in the industrial sector worldwide have reported being infected with the Trojan horse. In all cases the malware could be removed. In none of these cases did the infection have an adverse impact on the automation solution.|
|Recommended procedure to identify and remove a Stuxnet infection|
We recommend examining the following types of computers:
Proceed as below to implement the various measures.
If your computer is infected, always inform your Siemens Customer Support and together work out the next steps for your computer installation and for your plant:
|Further technical information|
|Important note on the use of virus scanners for packed files|
Please make sure that you unpack packed files (ZIP files, for example) into a separate directory before running a virus check. With certain virus scanner settings, packed files might not be checked thoroughly for a virus infection. Unpacking packed files ensures that the scanning mechanism performs a complete check in each case.
|Information about the SIMATIC controllers CPU 315-2 and CPU 417|
The malware carries its own blocks (for example, DB890, FC1865, 1874) and tries to load them into the CPU 315-2 and integrate them into the program sequence. If the above-mentioned blocks are already present, the malware does not infiltrate the user program. If the above-mentioned blocks were not present in the original program of the CPU 315-2 and are now detected, the virus has infected the system. In this case it is urgently recommended to restore the plant control system to its original state. When a CPU 417 is used and a DB8061 is already in the project, the malware might possibly change this block when downloaded. If DB8061 is not present in the project, there is no need to do anything.
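The block check described above can be automated by comparing the original project's block inventory with the blocks read back from the CPU. The following is an added example, not Siemens code or tooling. It assumes a plain-text inventory with one "BLOCK CHECKSUM" entry per line; that format, the function names and all checksums are constructed for illustration.

```python
# Added example: the "BLOCK CHECKSUM" inventory format and all checksums are constructed.
MARKERS_315 = {"DB890", "FC1865", "FC1874"}  # blocks named in the advisory for CPU 315-2
MARKER_417 = "DB8061"                        # block named in the advisory for CPU 417

def parse_inventory(text):
    """Map block name -> checksum; accepts 'DB8061' and 'DB 8061' spellings."""
    inventory = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) < 2:
            continue  # blank line, comment, or malformed entry
        inventory["".join(parts[:-1]).upper()] = parts[-1].lower()
    return inventory

def assess(cpu_type, baseline, current):
    """Return (block, status) findings following the advisory's decision rules."""
    findings = []
    if cpu_type == "315-2":
        for block in sorted(MARKERS_315 & current.keys()):
            # Present now but absent from the original program: infection indicator.
            # Present in the original program: legitimate user block, no indicator.
            findings.append((block, "ORIGINAL" if block in baseline else "UNEXPECTED"))
    elif cpu_type == "417" and MARKER_417 in baseline:
        # Only relevant if the project already contains DB8061: compare its content.
        same = current.get(MARKER_417) == baseline[MARKER_417]
        findings.append((MARKER_417, "UNCHANGED" if same else "CHANGED"))
    return findings

# Constructed sample inventories (original project vs. blocks read back from the CPU).
BASELINE_315 = """
OB1   1a2b3c4d
FC1   77aa01ff   # user function
DB10  0badf00d
"""
CURRENT_315 = BASELINE_315 + "DB890 5e5e5e5e\nFC1865 c0ffee00\n"
BASELINE_417 = "OB1 1111aaaa\nDB 8061 0f0f0f0f\n"
CURRENT_417 = "OB1 1111aaaa\nDB8061 9c9c9c9c\n"

if __name__ == "__main__":
    for cpu, base, cur in (("315-2", BASELINE_315, CURRENT_315),
                           ("417", BASELINE_417, CURRENT_417)):
        for block, status in assess(cpu, parse_inventory(base), parse_inventory(cur)):
            print(f"CPU {cpu}: {block} -> {status}")
```

An UNEXPECTED or CHANGED finding corresponds to the cases in which the text above recommends restoring the plant control system to its original state or checking DB8061.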
Compatibility of the Microsoft updates with SIMATIC applications
Security note to Siemens Tecnomatix FactoryLink
Siemens_Security_Advisory_SSA-630126.pdf ( 70 KB )
|Tool for identifying and removing Stuxnet|
SIMATIC Security UpdateNotes:
|Microsoft Patch is available to close the Microsoft security gaps|