Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Siemens Fixes Critical Vulnerabilities in WinCC SCADA Products

Vulnerabilities Expose SCADA Systems to Remote Attacks

Siemens has released software updates to address two critical vulnerabilities in its SIMATIC WinCC supervisory control and data acquisition (SCADA) system, one of which could be exploited remotely by an unauthenticated attacker.

Vulnerabilities Expose SCADA Systems to Remote Attacks

Siemens has released software updates to address two critical vulnerabilities in its SIMATIC WinCC supervisory control and data acquisition (SCADA) system, one of which could be exploited remotely by an unauthenticated attacker.

The German industrial products giant has also released software updates for WinCC, PCS 7 and TIA Portal products, and said that it is working on additional updates for other versions of the affected products.

SIMATIC WinCC is used to monitor and control physical processes involved in industry and infrastructure, and is often used in industries such as oil and gas, chemical, food and beverage, water and wastewater. PCS 7 is a distributed control system (DCS) integrating SIMATIC WinCC, and TIA Portal is the company’s engineering software used for SIMATIC products.

Siemens LogoThe first vulnerability (CVE-2014-8551) within WinCC is rated as critical, with a CVSS Base Score or 10.0. The flaw could allow remote code execution for unauthenticated users if specially crafted packets are sent to the WinCC server, according to the security advisory from Siemens ProductCERT published Nov. 21.

The second vulnerability (CVE-2014-8552), also a component within WinCC, could allow an unauthenticated attacker to extract arbitrary files from the WinCC server by sending specially crafted packets to the server. However, in order to exploit this flaw, the attacker must have network access to the affected system, Siemens said.

While Siemens prepares additional software updates, the company’s ProductCERT team suggests that customers mitigate the risk of their systems by implementing the following steps:

• Always run WinCC server and engineering stations within a trusted network

• Ensure that the WinCC server and the engineering stations communicate via encrypted channels only (e.g. activate feature “Encrypted Communications” in WinCC V7.3 (PCS 7 V8.1), or establish a VPN tunnel)

• Restrict access to the WinCC server to trusted entities

• Apply up-to-date application whitelisting software and virus scanners

Late last month, ICS-CERT warned of an ongoing attack campaign targeting industrial control systems, including WinCC products, that has been ongoing since at least 2011. The campaign is using a variant ofthe BlackEnergy malware. BlackEnergy has been linked to a number of attacks, including the recently disclosed activities of the Sandworm Team.

“ICS-CERT has determined that users of HMI products from various vendors have been targeted in this campaign, including GE Cimplicity, Advantech/Broadwin WebAccess, and Siemens WinCC,” according to the advisory. “It is currently unknown whether other vendor’s products have also been targeted.”

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

ICS/OT

Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Vulnerabilities

A high-severity format string vulnerability in F5 BIG-IP can be exploited to cause a DoS condition and potentially execute arbitrary code.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.