You don’t need state-sponsored hackers to crack industrial control systems, just an empty Intel AMT login – something Siemens started patching against last week.
The bug in Intel’s Active Management Technology emerged in June. It allowed a user to exploit AMT features with an empty login string, and has been shipping in processors since 2010.
In Siemens’s case, 38 product series use vulnerable Intel chipsets (the company lists them in this PDF). They include SIMATIC industrial PCs, SINUMERIK control panels and SIMOTION P320 PCs.
The company has shipped patches for the SIMATIC PCs, but is still working on the control panel products.
Patches are listed here.
Source: The Register