o Siemens is working on a fix for some serious vulnerabilities recently discovered in its industrial control system products used to manage machines on the factory floor.The company said Thursday that it was testing patches for the issues, just one day after a security researcher, Dillon Beresford of NSS Labs, was forced to cancel a talk on the issue because of security concerns.NSS Labs had been working with Siemens and the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response (ICS CERT) on addressing the issues for the past week-and-a-half. But the company decided to pull its talk when it turned out that Siemens’ proposed fixes were not completely effective, according to Rick Moy, CEO of NSS Labs.Siemens didn’t say when it expected to fix the problems. “Our team continues to work diligently on this issue — also together with both NSS Labs and ICS CERT. We are in the process of testing patches and developing mitigation strategies,” Siemens said in a statement. Industrial control systems have come under increased scrutiny in the year since the Stuxnet worm was discovered. Stuxnet, thought to have been built to disrupt Iran’s nuclear program, was the first piece of malware built with industrial systems in mind, and it targeted a Siemens system.Since then, security researchers have been poking and prodding all sorts of industrial devices, and by all accounts, they’ve found plenty of bugs. While Siemens may be developing patches, installing them will be another issue entirely. Industrial systems are difficult to patch; entire production lines may have to be taken offline for a fix to be rolled out, and that can take months of planning. Many factories run old, unpatched systems and it’s still common to see unsupported systems such as Windows 2000 on the factory floor.Not much is known about the Siemens bugs themselves, but in an interview Wednesday, Moy described them as serious enough to allow hackers to control a Siemens PLC (programmable logic controller) system.But in its statement, Siemens downplayed the issue somewhat, implying that the flaws might be difficult for the typical hacker to exploit. “While NSS Labs has demonstrated a high level of professional integrity by providing Siemens access to its data, these vulnerabilities were discovered while working under special laboratory conditions with unlimited access to protocols and controllers,” Siemens said.Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert’s e-mail address is robert_mcmillan@idg.com Related content news UK government plans 2,500 new tech recruits by 2025 with focus on cybersecurity New apprenticeships and talent programmes will support recruitment for in-demand roles such as cybersecurity technologists and software developers By Michael Hill Sep 29, 2023 4 mins Education Industry Education Industry Education Industry news UK data regulator orders end to spreadsheet FOI requests after serious data breaches The Information Commissioner’s Office says alternative approaches should be used to publish freedom of information data to mitigate risks to personal information By Michael Hill Sep 29, 2023 3 mins Government Cybercrime Data and Information Security feature Cybersecurity startups to watch for in 2023 These startups are jumping in where most established security vendors have yet to go. By CSO Staff Sep 29, 2023 19 mins CSO and CISO Security news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe