Updates for SIMATIC WinCC, PCS 7 Hole

Tuesday, May 14, 2019 @ 09:05 PM gHale

Siemens has an upgrade that addresses a missing authentication for critical function vulnerability in its SIMATIC WinCC and SIMATIC PCS 7 products, according to a report from NCCIC.

Successful exploitation of this remotely exploitable vulnerability could allow an unauthenticated attacker with access to the affected devices to execute arbitrary code. Vladimir Dashchenko and Sergey Temnikov from Kaspersky Lab discovered the vulnerability.

Siemens said the vulnerability affects the following SIMATIC products:
• SIMATIC PCS 7 v8.0 and earlier
• SIMATIC PCS 7 v8.1 and newer (if “Encrypted Communication” is disabled)
• SIMATIC WinCC v7.2 and earlier
• SIMATIC WinCC v7.3 and newer (if “Encrypted Communication” is disabled)

If affected installations do not have “Encrypted Communication” configured, an unauthenticated attacker with network access may be able to execute arbitrary code.

CVE-2019-10922 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

The products see use in the chemical, energy, food and agriculture, and water and wastewater systems sectors, and are deployed on a global basis.

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

Siemens recommends the following mitigations:
• Upgrade SIMATIC WinCC to v7.3 or newer
• Upgrade SIMATIC PCS 7 to v8.1 or newer
• Enable “Encrypted Communications” (some newer versions have this enabled by default)
• Apply defense-in-depth concepts
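
The affected-version list and the mitigations above reduce to a rule on product, version and the “Encrypted Communication” setting. The following Python sketch is an added example, not Siemens or NCCIC code, that applies that rule to an asset inventory; the host names, the inventory format and the handling of an unverified setting are assumptions made for illustration.

```python
import re

# First releases that offer "Encrypted Communication", per the list above.
# Anything older is affected whatever its configuration.
FIRST_WITH_ENCRYPTION = {"SIMATIC WinCC": (7, 3), "SIMATIC PCS 7": (8, 1)}


def parse_version(text):
    """Return (major, minor) from strings such as 'V7.4 SP1' or '8.0'."""
    match = re.search(r"(\d+)\.(\d+)", text)
    if not match:
        raise ValueError(f"unrecognised version: {text!r}")
    return int(match.group(1)), int(match.group(2))


def triage(product, version, encrypted_comm):
    """Classify one installation as (status, action).

    encrypted_comm is True, False, or None when nobody has checked the
    setting yet (assumption: an unchecked setting is not trusted).
    """
    if product not in FIRST_WITH_ENCRYPTION:
        return "not-listed", "product not named in the advisory"
    threshold = FIRST_WITH_ENCRYPTION[product]
    if parse_version(version) < threshold:
        return "affected", "upgrade to v%d.%d or newer" % threshold
    if encrypted_comm is True:
        return "mitigated", "keep Encrypted Communication enabled"
    if encrypted_comm is None:
        return "unverified", "check the Encrypted Communication setting"
    return "affected", "enable Encrypted Communication"


# Constructed sample inventory: (host, product, version, encrypted_comm).
INVENTORY = [
    ("hmi-01", "SIMATIC WinCC", "V7.2", True),       # too old for the setting
    ("hmi-02", "SIMATIC WinCC", "V7.4 SP1", True),
    ("os-01", "SIMATIC PCS 7", "V8.1", False),
    ("os-02", "SIMATIC PCS 7", "V9.0", None),        # setting never verified
]


def report(inventory):
    """Return one (host, status, action) row per inventory entry."""
    return [(host, *triage(p, v, e)) for host, p, v, e in inventory]


if __name__ == "__main__":
    for host, status, action in report(INVENTORY):
        print(f"{host:8} {status:11} {action}")
```

Versions are compared as integer tuples rather than strings, so a release such as 7.10 sorts after 7.3.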

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends users configure their environment according to Siemens’ operational guidelines for industrial security and follow the recommendations in the product manuals.

For more information on the vulnerability and more detailed mitigation instructions, see Siemens security advisory SSA-705517.


