Langner said that the media paid too much attention to the four, zero day Windows vulnerabilities that enabled the Stuxnet worm, but overlooked the other security holes used by the worm. Unlike the Windows vulnerabilities, which Microsoft quickly fixed, many of the holes in Siemens' products remain unpatched, he contends.
Langner enumerates three types of exploits used by Stuxnet — only one category of which (Windows operating system exploits) have been closed. The other two are Windows applications exploits aimed at Siemens Siemens Simatic Manager and the Siemens WinCC SCADA application, and controller exploits aimed at Siemens S70-300 and 400 series controllers."
Link to Original Source