You don't need state-sponsored hackers to crack industrial control systems, just an empty Intel AMT login – something Siemens started patching against last week.
The bug in Intel's Active Management Technology emerged in June. It allowed a user to exploit AMT features with an empty login string, and has been shipping in processors since 2010.
In Siemens's case, 38 product series use vulnerable Intel chipsets (the company lists them in this PDF). They include SIMATIC industrial PCs, SINUMERIK control panels and SIMOTION P320 PCs.
The company has shipped patches for the SIMATIC PCs, but is still working on the control panel products.
Patches are listed here.
The other fix Siemens issued last week was for its ViewPort for Web Office Portal, which was vulnerable to crafted packets over HTTP or HTTPS, which could be exploited to upload and execute arbitrary code with system-level privilege. ®