Siemens Updates WinCC Fixes

Wednesday, December 3, 2014 @ 03:12 PM gHale

Siemens updated its fixes for a vulnerability within products utilizing the Siemens WinCC application, according to a report on ICS-CERT.

While there is a patch that mitigates this vulnerability in the WinCC application, Siemens is working to fix other affected products to address another vulnerability in the WinCC application.

These issues are remotely exploitable and exploits that target these vulnerabilities are available.

The following Siemens products suffer from the issue:
SIMATIC WinCC
• V7.0 SP2 and earlier: All versions
• V7.0 SP3 and earlier: All versions
• V7.2: All versions prior to V7.2 Update 9
• V7.3: All versions prior to V7.3 Update 2

SIMATIC PCS7
• V7.1 SP4 and earlier: All versions
• V8.0: All versions prior to V8.0 SP2 with WinCC V7.2 Update 9
• V8.1: All versions with WinCC V7.3 prior to V8.1 Update 2

TIA Portal V13 (including WinCC Professional Runtime):
• All versions prior to V13 Update 6.

These vulnerabilities allow for unauthenticated remote code execution.

Siemens is an international company headquartered in Munich, Germany. The affected product, SIMATIC WinCC, is a supervisory control and data acquisition (SCADA) system. PCS7 is a distributed control system (DCS) integrating SIMATIC WinCC. TIA Portal is engineering software for SIMATIC products. This software deploys across several sectors including chemical, energy, food and agriculture, and water and wastewater systems. Siemens estimates that these products see use primarily in the United States and Europe with a small percentage in Asia.

A component within WinCC could allow remote code execution for unauthenticated users if specially crafted packets are sent to the WinCC server.

CVE-2014-8551 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 10.0.

In addition, a component within WinCC could allow unauthenticated users to extract arbitrary files from the WinCC server if specially crafted packets are sent to the server.

CVE-2014-8552 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 7.8.

Exploits that target these vulnerabilities are potentially available. Indicators exist that this vulnerability may have been exploited during a recent campaign. An attacker with low skill would be able to exploit these vulnerabilities.

Siemens has released updates for the following products and encourages customers to upgrade to the new versions as soon as possible:

TIA Portal V13 (including WinCC Professional Runtime)
• Upgrade to WinCC V13 Update 6

WinCC 7.2
• Upgrade to WinCC 7.2 Update 9

PCS 7 V8.0 SP2
• Upgrade to WinCC 7.2 Update 9
• Upgrade to OpenPCS 7 V8.0.1 Update 5
• Upgrade to Route Control V8.0.1 Update 4
• Upgrade to BATCH V8.0.1 Update 11

WinCC 7.3
• Upgrade to WinCC 7.3 Update 2

PCS 7 V8.1
• Upgrade to WinCC 7.3 Update 2
• Upgrade to OpenPCS 7 V8.1 Update 1 is in preparation
• Upgrade to Route Control V8.1 Update 1 is in preparation
• Upgrade to BATCH V8.1.1 Update 1 is in preparation

Siemens is preparing updates for the other affected products, which will fix the vulnerabilities. In the meantime, customers should mitigate the risk to their products by implementing the following:
1. Always run WinCC server and engineering stations within a trusted network.
2. Ensure the WinCC server and the engineering workstations communicate through encrypted channels only (e.g., activate feature “Encrypted Communications” in WinCC V7.3, or establish a VPN tunnel).
3. Restrict access to the WinCC server to trusted entities.
4. Apply up-to-date application whitelisting software and virus scanners.

As a general security measure, Siemens recommends protecting network access to the SIMATIC WinCC server with appropriate mechanisms. It is also advised to follow recommended security practices and to configure the environment according to operational guidelines in order to run the devices in a protected IT environment.

For more information on these vulnerabilities and detailed instructions, see Siemens Security Advisory SSA-134508.


