20 May 2019

Critical vulnerabilities identified by Kaspersky Lab have been corrected in Siemens SIMATIC WinCC and SIMATIC PCS 7

Siemens has fixed vulnerabilities identified in SIMATIC WinCC and SIMATIC PCS 7. Both products are affected by multiple vulnerabilities, three of which were identified by Kaspersky Lab researchers.

One issue has to do with an RCE vulnerability, CVE-2019-10922, for which a CVSS v.3 base score of 9.8 has been calculated. The vulnerability enables an unauthenticated attacker with network access to affected installations to execute arbitrary code. It can be exploited on systems which are configured without “Encrypted Communication”. The exploitation of this vulnerability can affect the confidentiality, integrity, and availability of the information handled.

The issue is relevant both to new and old versions of affected products. To fix the vulnerability, the vendor recommends:

  • for SIMATIC WinCC v.7.3 and SIMATIC PCS 7 v.8.1 and newer: enabling “Encrypted Communication”. Starting with WinCC V7.5, “Encrypted Communication” is enabled by default;
  • for SIMATIC WinCC v.7.2 and SIMATIC PCS 7 v.8.0 and earlier: upgrading the products to the latest version.

Three more vulnerabilities have also been identified in Siemens products:

  • CVE-2019-10916, which enables an attacker to run arbitrary system commands with the privileges of the local database server. The flaw has been assigned a CVSS v.3 base score of 9.1.
  • CVE-2019-10917, which could enable an attacker to cause a denial-of-service condition on the affected product. The vulnerability was assigned a CVSS v.3 base score of 3.3.
  • CVE-2019-10918, which enables an authenticated attacker with network access to the DCOM interface to execute arbitrary commands with SYSTEM privileges. A CVSS v.3 base score of 8.8 has been calculated for this vulnerability.

These vulnerabilities affect the following solutions:

  • SIMATIC PCS 7 8.0 and earlier (all versions), as well as versions 8.1, 8.2 and 9.0;
  • SIMATIC WinCC (TIA Portal) versions 13, 14 and 15;
  • SIMATIC WinCC Runtime Professional
  • SIMATIC WinCC versions 7.2 and earlier (all versions), as well as versions 7.3, 7.4, and 7.5 (all versions prior to v7.5 Upd3).

Siemens has released fixes for SIMATIC WinCC and SIMATIC PCS 7. The vendor is currently developing updates for the remaining solutions. According to the vendor’s recommendations, to mitigate the above issues users of affected products should only open project files from trusted locations and apply Defense-in-Depth.

Source: Siemens