Improper access control in Siemens SIMATIC WinCC and SIMATIC PCS 7

#VU18656 Improper access control in Siemens SIMATIC WinCC and SIMATIC PCS 7

Published: 2019-05-31

Vulnerability identifier: #VU18656

Vulnerability risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:W/RC:C]

CVE-ID: CVE-2019-10922

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Siemens SIMATIC WinCC
Server applications / SCADA systems
SIMATIC PCS 7
Server applications / SCADA systems

Vendor: Siemens

Description

The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.

The vulnerability exists due to improper access restrictions when installations have not “Encrypted Communication” configured. A remote unauthenticated attacker with network access may be able to execute arbitrary code.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

A vendor recommends to:

Upgrade SIMATIC WinCC to v7.3 or newer.
Upgrade SIMATIC PCS 7 to v8.1 or newer.
Enable Encrypted Communications (some newer versions have this enabled by default).
Apply defense-in-depth concepts.

Vulnerable software versions

Siemens SIMATIC WinCC: 5.0 - v11

SIMATIC PCS 7: 6.1 - 9.0

External links
http://www.securityfocus.com/bid/108398
http://cert-portal.siemens.com/productcert/pdf/ssa-705517.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Improper access control in Siemens SIMATIC WinCC