Siemens Adds More WinCC Fixes

Friday, December 12, 2014 @ 12:12 PM gHale


Siemens issued an update for a vulnerability in products that use the Siemens WinCC application, according to a report on ICS-CERT.

While there is a patch that mitigates this vulnerability in the WinCC application, Siemens is working to fix other affected products to address another vulnerability in the WinCC application.

These issues are remotely exploitable and exploits that target these vulnerabilities are available.


The following Siemens products suffer from the issue:
SIMATIC WinCC
• V7.0 SP3 and earlier: All versions
• V7.2: All versions prior to V7.2 Update 9
• V7.3: All versions prior to V7.3 Update 2

SIMATIC PCS7
• V7.1 SP4 and earlier: All versions
• V8.0: All versions prior to V8.0 SP2 with WinCC V7.2 Update 9
• V8.1: All versions with WinCC V7.3 prior to Update 2

TIA Portal V13 (including WinCC Professional Runtime):
• All versions prior to V13 Update 6.

These vulnerabilities allow for unauthenticated remote code execution.

Siemens is an international company headquartered in Munich, Germany. The affected product, SIMATIC WinCC, is a supervisory control and data acquisition (SCADA) system. PCS7 is a distributed control system (DCS) integrating SIMATIC WinCC. TIA Portal is engineering software for SIMATIC products. This software is deployed across several sectors including chemical, energy, food and agriculture, and water and wastewater systems. Siemens estimates that these products see use primarily in the United States and Europe with a small percentage in Asia.

A component within WinCC could allow remote code execution for unauthenticated users if specially crafted packets are sent to the WinCC server.

CVE-2014-8551 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 10.0.

In addition, a component within WinCC could allow unauthenticated users to extract arbitrary files from the WinCC server if specially crafted packets are sent to the server.

CVE-2014-8552 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 7.8.

Exploits that target these vulnerabilities are potentially available. Indicators exist that this vulnerability may have been exploited during a recent campaign. An attacker with a low skill level would be able to exploit these vulnerabilities.

Siemens has released updates for the following products and encourages customers to upgrade to the new versions as soon as possible:

TIA Portal V13 (including WinCC Professional Runtime)
• Upgrade to WinCC V13 Update 6

WinCC 7.0
• Upgrade to WinCC 7.0 SP2 Update 11
http://support.automation.siemens.com/WW/view/en/107174184

WinCC 7.2
• Upgrade to WinCC 7.2 Update 9

WinCC 7.3
• Upgrade to WinCC 7.3 Update 2

PCS 7 V8.0 SP2
• Upgrade to WinCC 7.2 Update 9
• Upgrade to OpenPCS 7 V8.0 Update 5
• Upgrade to Route Control V8.0 Update 4
• Upgrade to BATCH V8.0 Update 11

PCS 7 V8.1
• Upgrade to WinCC 7.3 Update 2
• Upgrade to OpenPCS 7 V8.1 Update 1
• Upgrade to Route Control V8.1 Update 1
• Upgrade to BATCH V8.1.1 Update 1

Siemens is preparing updates for the other affected products, which will fix the vulnerabilities. In the meantime, customers should mitigate the risk to their products by implementing the following:
1. Always run WinCC server and engineering stations within a trusted network.
2. Ensure the WinCC server and the engineering workstations communicate through encrypted channels only (e.g., activate the “Encrypted Communications” feature in WinCC V7.3, or establish a VPN tunnel).
3. Restrict access to the WinCC server to trusted entities.
4. Apply up-to-date application whitelisting software and virus scanners.

As a general security measure, Siemens recommends protecting network access to the SIMATIC WinCC server with appropriate mechanisms. It is also advised to follow recommended security practices and to configure the environment according to operational guidelines in order to run the devices in a protected IT environment.

For more information on these vulnerabilities and detailed instructions, see Siemens Security Advisory SSA-134508.


