Application Notes

A major aerospace manufacturer needed to secure access to large mobile crawlers with PLCs for aircraft assembly.

To ensure that both IT access policies were enforced and that SCADA engineers maintained full control over their network systems and devices, an integrated solution was needed.

It was provided with the use of a SCADAnet architecture, IF-MAP standards and Tofino Endboxes, as discussed in this application note.

The Tofino Security Appliance can support virtually any controller, network device or communication protocol that uses Ethernet. This application note is a partial listing of the controllers, servers, application programs, and communication protocols that have pre-defined profiles in the Tofino CMP software version 1.7.0 and later. If you do not see your application or control system listed, please feel free to contact us.

One of the issues with Stuxnet is that in certain cases it will directly modify the PLC firmware and not just user logic. Erasing the CPU memory, including the MMC card, would completely clear out the memory on the S7 controllers and remove the worm.

In case you are not certain how to do this, we have provided the relevant section from the Siemens CPU 31xC and CPU 31x: Installation Manual.

Please remember that you must be certain that the STEP7 project file used to download the program after the memory reset is uninfected, otherwise you start all over again.  Stuxnet hid in STEP7 project files it to re-infect the ES when the project file was opened (Special thanks to Joel Langill for help confirming this).
 

Stuxnet is a computer worm designed to target one or more industrial systems that use Siemens PLCs. However, it is aggressive on all networks and can negatively affect any control system.

Stuxnet spreads rapidly using Local Area Network communications and one of the most effective ways to prevent this type of distribution is to make use of zone-based defenses.

Stuxnet is a computer worm designed to take advantage of a number of previously unknown vulnerabilities present in the Windows operating system and Siemens SIMATIC WinCC, PCS7 and S7 PLS systems.

It takes advantage of numerous vulnerabilities in the Windows operating system and the Siemens product line.  As a result, full mitigation requires multiple actions.

The Stuxnet Mitigation Matrix shows mitigation measures by Windows operating system and it includes dynamic links to detailed information on each of the patches and mitigations.