Siemens has been very receptive to Positive Technologies' findings, Gordeychik said. With Stuxnet, Siemens appears to be experiencing the same sort of security wake-up call that Microsoft had when pernicious malware such as the Code Red worm appeared in 2001.
"I'm really surprised," Gordeychik said. "Other SCADA vendors don't want to talk about security at all."
Positive Technologies also released two security tools on Thursday relating to WinCC. The first is a module called WinCC Harvest for the Metasploit penetration testing tool that allows an attacker to collect information from a SQL database within a Siemens SIMATIC WinCC SCADA system.
The other tool, called PLCScan, is used to scan for programmable logic controllers, which are the electronic devices used to control machines in SCADA systems.
Send news tips and comments to email@example.com. Follow me on Twitter: @jeremy_kirk