Siemens announced that a security vulnerability found in software used in, among other places, nuclear power plants is difficult for hackers to exploit. The researcher who discovered the vulnerability disagrees and says that the German company is trying to save face. Security researcher Dillon Beresford was going to give a presentation about vulnerabilities in the Simatic programmable logic controller (PLC) software but cancelled it at the request of the US government and Siemens.
According to Siemens, the vulnerabilities were discovered under ‘special lab conditions’ with unlimited access to protocols and controllers and are therefore difficult to exploit. Beresford disagrees, stating simply that he has added a module to the freely available Metasploit penetration testing framework, which will possibly only be released after Siemens has released a patch for the vulnerability.
Beresford further noted that criminals do not act by the same moral standards as he does.