WinCC Vulnerabilities Patched

Wednesday, July 6, 2011 @ 12:07 PM gHale

There are exploitable crashes in the Siemens SIMATIC WinCC SCADA product, according to the ICS-CERT. Specially crafted files can cause memory corruption or pointer issues, which can cause the system to crash.

The ICS-CERT advisory was originally dated June 24, but its public release was delayed to give users time to download and install the update. ICS-CERT received the report from independent security researchers Billy Rios and Terry McCorkle.


ICS-CERT coordinated with the researchers and Siemens to assist with releasing an update that mitigates these vulnerabilities. The researchers validated that the update successfully mitigates them.

Siemens reports this vulnerability affects the following versions of WinCC:
• ProTool 6.0 SP3 (phased-out)
• WinCC flexible 2004 (phased-out)
• WinCC flexible 2005 (phased-out)
• WinCC flexible 2005 SP1
• WinCC flexible 2007
• WinCC flexible 2008
• WinCC flexible 2008 SP1
• WinCC flexible 2008 SP2.

Successful exploitation could lead to memory corruption, which could then allow arbitrary code execution.

Siemens SIMATIC WinCC is a software package used to develop network-based plant visualization systems. WinCC can run as a stand-alone SCADA system or as the human-machine interface component of a larger SIMATIC system. WinCC sees use in industries including food and beverage, water and wastewater, oil and gas, and chemical.

The system has the following vulnerabilities:
1. Memory corruption: client-side exploit that allows arbitrary code execution.
2. DoS / null pointer issues: client-side exploit.

An attacker cannot initiate the exploit from a remote machine. Instead, the exploit can occur only when a local user runs the vulnerable application and loads the specially crafted file.

One of the main ingredients of a successful exploit is social engineering: the attacker must convince the user to accept the malformed file. Additional user interaction is also needed to load the malformed file, which decreases the likelihood of a successful exploit.

Siemens released an update mitigating this vulnerability. The update is available on its website.

ICS-CERT recommends system operators thoroughly test new releases of software before installing them on critical production systems.
