If you look after the Large Hadron Collider you should read this…

Graham Cluley

A Russian security researcher has uncovered security vulnerabilities that could allow a malicious attacker to conduct man-in-the-middle attacks, denial‑of‑service attacks, and possibly authenticate themselves as valid users.

So far, so much par for the course.

But what makes this vulnerability disclosure by Ilya Karpov of Positive Technologies particularly noteworthy, as The Register reports, is that the vulnerabilities were found in Siemens SIMATIC HMI devices used to control critical systems at petrochemical facilities, power plants and even the Large Hadron Collider.

Yes, you can imagine how that could cause problems…


One of the vulnerabilities, as described in ICS-CERT’s advisory, means that a hacker might only need a hash of the system’s password – rather than the password itself – to gain access to privileged systems.

If attackers obtain password hashes for SIMATIC WinCC users, they could possibly use the hashes to authenticate themselves. This vulnerability affects SIMATIC WinCC and SIMATIC PCS 7.

Threats such as Stuxnet and Dragonfly have raised the public’s awareness of the need to properly protect industrial control systems (ICS) which control critical infrastructure such as the management of electrical, water, oil, gas and data supplies.

Siemens says it has now patched the vulnerabilities.

Nonetheless, you think you had a headache keeping your home computer updated with security patches? Just imagine if you were responsible for securing the Large Hadron Collider or a nuclear plant…


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “If you look after the Large Hadron Collider you should read this…”

  1. coyote

    On the subject of protecting nuclear plants…

    http://www.bbc.co.uk/news/world-us-canada-32663107

    And as for the character limit, while it is probably not a problem at 3000 characters (even for me mostly), the issue of quoting comes to mind as that adds up. Maybe you could have a way that quotes the article (I don't mean the full article but portions of). Perhaps this isn't a problem even, but I'm raising the point now just in case (at least it isn't like the BBC where they limit to 400 characters). But until this sentence it was 2494 characters left, and I didn't write all that much (though amusingly almost all of it is about the character limit itself).
