Connect with us

Hi, what are you looking for?



Vulnerabilities Found in Siemens Desigo PX, SIMATIC Products

Siemens has made available workarounds and patches that address medium and high severity vulnerabilities found in the company’s Desigo PX and SIMATIC automation products.

Siemens has made available workarounds and patches that address medium and high severity vulnerabilities found in the company’s Desigo PX and SIMATIC automation products.

The flaws have been described in advisories published by Siemens and ICS-CERT in the past days. The most serious of the issues, based on their CVSS score, affect all versions of SIMATIC S7-300 and S7-400 programmable logic controllers (PLCs).

The security holes, discovered by Zhu WenZhe from Beijing Acorn Network Technology, can be exploited to obtain credentials from a PLC configured with protection level 2, and cause a denial-of-service (DoS) condition by sending specially crafted packets to TCP port 80.

Siemens has not released patches for these vulnerabilities, but informed customers that the DoS flaw can only be exploited if the web server is manually enabled in the project configuration. Disabling the web server prevents attacks. As for the credentials disclosure issue, attacks can be prevented by applying protection level 3.

SAVE THE DATE: ICS Cyber Security Conference | Singapore – April 25-27, 2017

A different researcher from Beijing Acorn Network Technology has informed Siemens of a medium severity issue affecting SIMATIC WinCC SCADA systems and PCS7 distributed control systems (DCS). The flaw can be exploited to crash the application or leak memory content, but the attack only works if a local user can be tricked into clicking on a malicious link.

Siemens patched the vulnerability with the release of SIMATIC WinCC V7.2 and SIMATIC PCS 7 V8.0 SP1.

Advertisement. Scroll to continue reading.

The last advisory describes a cryptographic issue in Desigo PX, automation stations and operator units designed for controlling and monitoring building systems.

“The affected devices use a pseudo random number generator with insufficient entropy to generate certificates for HTTPS, potentially allowing remote attackers to reconstruct the corresponding private key,” Siemens said.

The issue affects various Desigo PX Web modules for automation controllers running firmware versions prior to 6.00.046.

Related: Privilege Escalation Flaw Affects Several Siemens Products

Related: Siemens Releases Firmware Updates to Patch SIMATIC Flaws

Related: Siemens Patches Flaws in SIMATIC, License Manager Products

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.