Siemens Fixes WinCC Vulnerabilities

Wednesday, February 18, 2015 @ 04:02 PM gHale

Siemens created a service pack that mitigates the authentication vulnerabilities in its SIMATIC WinCC TIA Portal application, according to a report on ICS-CERT.

All versions of SIMATIC WinCC TIA Portal prior to V13 SP1 suffer from the remotely exploitable vulnerabilities, which were discovered by Gleb Gritsai, Roman Ilin, Aleksandr Tlyapov, and Sergey Gordeychik from Positive Technologies.

An attacker exploiting these vulnerabilities could possibly reconstruct passwords in use or escalate privileges.

Siemens is a multinational company headquartered in Munich, Germany.

The affected product, SIMATIC WinCC TIA Portal, is engineering software for SIMATIC products. This software works across several sectors including chemical, energy, food and agriculture, and water and wastewater systems. Siemens estimates these products see use primarily in the United States and Europe with a small percentage in Asia.

The remote management module of WinCC TIA Portal Multi Panels and Comfort Panels, and of WinCC RT Advanced, transmits weakly protected credentials over the network. Attackers who capture the remote management module's network traffic could possibly reconstruct the passwords in use.

CVE-2015-1358 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 4.3.

A hard-coded encryption key used in WinCC RT Professional could allow attackers to escalate their privileges if they capture the application’s network communication with an authenticated user.

CVE-2014-4686 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 6.8.

No known public exploits specifically target these vulnerabilities. An attacker with low skill would be able to exploit these vulnerabilities.

Siemens provides Service Pack 1 for SIMATIC WinCC TIA Portal V13, which mitigates the vulnerabilities.

For more information on these vulnerabilities and detailed instructions, see Siemens Security Advisory SSA-543623.