Update: Malware affects Siemens WinCC and PCS7 equipment

The unwanted software’s main purpose may be industrial espionage.

UPDATE: Siemens Support Link for Stuxnet

28 SEP 2010: Keep up to date by visiting the Siemens Support Website:

Malware, a so-called Trojan, is currently circulating that affects Microsoft Windows PCs with WinCC and PCS 7. The malware spreads via mobile data carriers, for example USB sticks, and networks. The Trojan is activated solely by viewing the contents of the USB stick.

Find the latest information and help on Stuxnet from the Siemens Support Website.

UPDATE: Microsoft releases patch

UPDATE: Microsoft has released a patch for the Stuxnet vulnerability, and Byres Security has updated its recommendations for addressing this critical SCADA-focused software worm. A revised white paper, “Siemens PCS7 WinCC Malware,” is now available for download by all members.

Readers can become a member by signing up. There is no charge, and Byres has created a very complete program to ensure member privacy.

Byres Security has also begun a blog called Practical SCADA Security. The intent is to provide clear and simple guidance when situations like Stuxnet occur.

The unwanted software's main purpose may be industrial espionage

Eric Byres, industrial network security specialist and chief technology officer of Byres Security Inc., reports investigating a new family of threats called Stuxnet, which appears to be directed specifically at Siemens WinCC and PCS7 products via a previously unknown Windows vulnerability. 

At the same time, Byres also reports a concerted denial-of-service (DoS) attack against a number of SCADA information networks, such as the SCADASEC and ScadaPerspective mailing lists. At least one of these services, he says, was brought down and taken offline.

Byres has been able to determine the following:

  • This is a zero-day exploit against all versions of Windows including Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 and Windows 7.
  • There are no patches available from Microsoft at this time, although there are some work-arounds (see below).
  • This malware is in the wild and probably has been for the past month.
  • The known variations of the malware are specifically directed at Siemens WinCC and PCS7 Products.
  • The malware is propagated via USB keys. It may also be propagated via network shares from other infected computers.
  • Disabling AutoRun does not help! Simply viewing an infected USB key using Windows Explorer will infect your computer.
  • The objective of the malware appears to be industrial espionage; i.e. to steal intellectual property from SCADA and process control systems. Specifically, the malware uses the Siemens default password of the MSSQL account WinCCConnect to log into the PCS7/WinCC database and extract process data and possibly HMI screens.

The only known work-arounds are:

  • Do not install any USB keys into any Windows systems, regardless of the OS patch level or whether AutoRun has been disabled or not.
  • Disable the displaying of icons for shortcuts (this involves editing the registry).
  • Disable the WebClient service.

Byres extracted and summarized the relevant data, and has assembled it in a short white paper called “Analysis of Siemens WinCC/PCS7 Malware Attacks.” Registered site users can freely download the white paper, and new visitors may register. Byres screens every new registration, so there may be a delay in processing. Byres may be contacted at 250-390-1333.
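
As an added example (not from the article, Byres Security or Siemens), the following read-only PowerShell audit reports whether the two host-level workarounds listed above are in place on a Windows machine. It assumes the shortcut-icon workaround corresponds to the shell IconHandler registration for .lnk and .pif files, which the article does not name; the function names are illustrative.

```powershell
# Added example: read-only audit of the two host-level workarounds listed above.
# Assumption: the shortcut-icon workaround maps to the shell IconHandler
# registration for .lnk and .pif files; the article does not name the key.

function Test-IconHandlerCleared {
    param([Parameter(Mandatory = $true)][string]$ProgId)   # 'lnkfile' or 'piffile'
    $path = "Registry::HKEY_CLASSES_ROOT\$ProgId\shellex\IconHandler"
    if (-not (Test-Path -LiteralPath $path)) { return $true }  # nothing registered
    $default = (Get-Item -LiteralPath $path).GetValue('')      # '' = (Default) value
    return [string]::IsNullOrEmpty([string]$default)
}

function Get-WebClientStartMode {
    # Service start type in the SCM registry: 2 = Automatic, 3 = Manual, 4 = Disabled.
    $path = 'HKLM:\SYSTEM\CurrentControlSet\Services\WebClient'
    if (-not (Test-Path -LiteralPath $path)) { return 'NotInstalled' }
    $start = (Get-ItemProperty -LiteralPath $path -Name Start -ErrorAction SilentlyContinue).Start
    switch ($start) {
        2 { 'Automatic' }
        3 { 'Manual' }
        4 { 'Disabled' }
        default { "Unknown($start)" }
    }
}

function Get-WorkaroundStatus {
    $mode = Get-WebClientStartMode
    $svc  = Get-Service -Name WebClient -ErrorAction SilentlyContinue
    # One object per host so results can be collected and compared across a plant network.
    New-Object PSObject -Property @{
        Computer           = $env:COMPUTERNAME
        LnkIconsDisabled   = Test-IconHandlerCleared -ProgId 'lnkfile'
        PifIconsDisabled   = Test-IconHandlerCleared -ProgId 'piffile'
        WebClientStartMode = $mode
        WebClientRunning   = ($svc -and $svc.Status -eq 'Running')
        WebClientMitigated = ($mode -eq 'Disabled' -or $mode -eq 'NotInstalled')
    }
}

Get-WorkaroundStatus | Format-List
```

The script changes nothing on the host; a service that is set to Disabled but still reported as running has not yet been stopped or the machine has not been restarted since the change.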
