Siemens has announced patches for flaws in its industrial control systems discovered by independent researchers nearly a month ago, but the US government has warned that there are still reported problems with the systems.
The German engineering conglomerate was heavily criticised for its lax response after researchers at NSS Labs found the flaws in its Simatic S7-1200 micro programmable logic controller.
Siemens was accused of trying to duck the problems despite being effectively given thousands of pounds' worth of free research.
However, Siemens said in a statement on its site that the company had released a firmware update for two vulnerabilities, one of which, known as a replay attack, could allow hackers to take control of the system, while the other could allow for denial-of-service (DoS) attacks.
"The latest firmware update for the S7-1200 will offer corrective action for enhancing protection against replay attacks as well as increased stability when facing the above-mentioned DoS scenario. The firmware update will be available in June," noted Siemens.
"The S7-300 and S7-400 controllers are not affected by the DoS scenario, so there is no need for any firmware update with these controllers."
The US ICS-CERT issued an update confirming the security advisory, but warned that the patch addresses only "a portion" of the reported vulnerabilities.
"ICS-CERT has confirmed the effectiveness of this patch and continues to work with Siemens and [NSS researcher] Dillon Beresford on the other reported problems," the security organisation said.