Siemens fixed WinCC flaws likely being exploited in the wild

The industrial supplier Siemens has patched two critical vulnerabilities in its solutions, Siemens WinCC application in use must be updated urgently.

The industrial supplier Siemens has patched two critical vulnerabilities in the Siemens application that bad actors are exploiting in the wild.

Siemens has also informed its customers that its researchers are already working on updates for other products affected by the same flaw. Every company that is using Siemens WinCC application is invited to apply the patches as soon as possible.

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued a security advisory (ICSA-14-329-02) that includes the list of affected systems:

• SIMANTIC WinCC: V7.0 SP2 and earlier: All versions; V7.0 SP3 and earlier: All versions; V7.2: All versions prior to V7.2 Update 9; and V7.3: All versions prior to V7.3 Update 2.
• SIMANTIC PCS7: V7.1 SP4 and earlier: All versions; V8.0: All versions prior to V8.0 SP2 with WinCC V7.2 Update 9; and V8.1: All versions with WinCC V7.3 prior to V8.1 Update 2.
• TIA Portal V13 (including WinCC Professional Runtime): All versions prior to V13 Update 6.

The SIMATIC WinCC is a SCADA application widely used in the industrial environments as visualization tool for the control systems. WinCC is part of the Simantic product family and is integrated into the HMI, or Human Machine Interface, component. TIA Portal is an engineering software used in the Simantic product line.

“The affected product, SIMANTIC WinCC, is a supervisory control and data acquisition (SCADA) system. PCS7 is a distributed control system (DCS) integrating SIMANTIC WinCC. TIA Portal is engineering software for SIMATIC products. This software is deployed across several sectors including Chemical, Energy, Food and Agriculture, and Water and Wastewater Systems. Siemens estimates that these products are used primarily in the United States and Europe with a small percentage in Asia.” states the advisory of the ICS-CERT.

The Siemens systems affected by the vulnerabilities are vital components for the control of processes in several industries, including energy, chemical, food and agriculture and wastewater systems in the United States and Europe. Unfortunately the number of cyber attacks against these system is in constant increase, both cyber criminals and state-sponsored hackers have recently hit the SCADA systems for different purposes causing great concerns to the authorities.

One of the vulnerabilities is a remote code execution flaw coded as CVE-2014-8551 that is ranked by the ICS-CERT as very critical, its rating is 10 of 10.

“A component within WinCC could allow remote code execution for unauthenticated users if specially crafted packets are sent to the WinCC server,” ICS-CERT reports.

The vulnerabilities allow remote code execution without any authentication, and as explained by the experts their impact depends on many factors specific to each organization.

The exploitation of the first flaw allows a remote code execution while the second allows an attacker to steal files from a targeted server running the WinCC application.

“An attacker with a low skill would be able to exploit these vulnerabilities,” states the advisory.

Pierluigi Paganini

(Security Affairs –  Siemens WinCC, SCADA)