Mitigation for Siemens WinCC Woes

Friday, June 21, 2013 @ 04:06 PM gHale


Siemens created an update to fix vulnerabilities that impact the WinCC Web Navigator 7.2, according to a report on ICS-CERT.

These remotely exploitable vulnerabilities, discovered by researcher Alexander Tlyapov of Positive Technologies, could allow an attacker to probe for valid NetBIOS user names, log onto the system as an authenticated user, or have full access to the system. This could affect multiple industries, including food and beverage, water and wastewater, oil and gas, and chemical sectors worldwide.


The following Siemens products suffer from the issue: WinCC 7.2 and earlier, and SIMATIC PCS7 V8.0 SP1 and earlier.

Successful exploitation of these vulnerabilities may result in an attacker having the ability to probe for valid NetBIOS user names, log onto the system as an authenticated user, or have full access to the system running the software.

Munich, Germany-based Siemens develops products mainly in the energy, transportation, and healthcare sectors.

WinCC Web Navigator 7.2 is a software package used as an interface between the operator and the programmable logic controllers (PLCs).

WinCC Web Navigator 7.2 performs the following tasks: Process visualization, operator control of the process, alarm display, process value and alarm archiving, and machine parameter management. This software is used in many industries, including food and beverage, water and wastewater, oil and gas, and chemical.

The login screen of WinCC Web Navigator 7.2 filters input, but an attacker can overcome that filtering and inject SQL statements into queries. By manipulating the database, an attacker can elevate his rights. This could allow the attacker to gain full system access.

CVE-2013-3957 is the number assigned to this vulnerability, which has a CVSS v2 base score of 7.5.
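
The weakness class behind CVE-2013-3957, shown as an added example that is not Siemens code and is not taken from the advisory: a constructed login routine that relies on a token denylist, next to one that binds the same values as query parameters. The table, function names and sample input are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed in-memory user table; names and passwords are sample values.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("operator", "op-secret", "operator"),
                    ("admin", "adm-secret", "administrator")])
    return db

def denylist_filter(value):
    # Weak input filter (hypothetical): strips a few tokens, case-sensitively.
    for token in ("--", ";", " OR ", "UNION"):
        value = value.replace(token, "")
    return value

def login_filtered(db, name, password):
    # Vulnerable pattern: filtered input is still concatenated into the SQL
    # text, so anything the filter misses is parsed as part of the statement.
    sql = ("SELECT role FROM users WHERE name = '%s' AND password = '%s'"
           % (denylist_filter(name), denylist_filter(password)))
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_parameterized(db, name, password):
    # Hardened pattern: values are bound as parameters and never parsed as SQL.
    row = db.execute("SELECT role FROM users WHERE name = ? AND password = ?",
                     (name, password)).fetchone()
    return row[0] if row else None

# Constructed input: a quote and a lowercase keyword pass the denylist untouched.
CRAFTED = "x' or name = 'admin"

if __name__ == "__main__":
    db = make_db()
    print("filtered, valid login:   ", login_filtered(db, "operator", "op-secret"))
    print("filtered, crafted input: ", login_filtered(db, "admin", CRAFTED))
    print("bound, crafted input:    ", login_parameterized(db, "admin", CRAFTED))
    print("bound, valid login:      ", login_parameterized(db, "admin", "adm-secret"))
```

The filtered routine returns a role for the crafted password while the parameterized routine rejects it, which is why filtering alone is not a sufficient control for a login query.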

The WinCC Web Navigator 7.2 has hard-coded credentials used in the login system. Attackers with network access and knowledge of the credentials could log into the Web Navigator Web applications as an authenticated user. This could allow the attacker to execute any system action provided to an authenticated user.

CVE-2013-3958 is the number assigned to this vulnerability, which has a CVSS v2 base score of 7.5.

The WinCC Web Navigator 7.2 allows a user with authenticated access to probe for valid NetBIOS user names by manipulating URL parameters. This could allow the attacker to obtain user names with heightened privileges.

CVE-2013-3959 is the number assigned to this vulnerability, which has a CVSS v2 base score of 4.0.

An attacker with low skill would be able to exploit these vulnerabilities.

Siemens has produced a software update that resolves these vulnerabilities. The update works on all versions of WinCC Web Navigator starting with Version 7.2. Siemens recommends asset owners and operators contact Siemens customer support to acquire the update.
