Siemens SIMATIC STEP 7 DLL Vulnerability
Low Risk · ICS-CERT ICSA-12-205-02 · Apr 26, 2012
Summary
SIMATIC STEP 7 and PCS 7 contain a DLL-related vulnerability that could allow arbitrary code execution when a malicious file is processed. STEP 7 versions prior to V5.5 SP1 and PCS 7 V7.1 SP3 or earlier are affected. No vendor fix is available for these legacy products.
What this means
What could happen
An attacker with access to a user's engineering workstation could execute arbitrary code with the privileges of that user, potentially allowing modification of PLC programs or control system configurations.
Who's at risk
Engineering staff and automation engineers who use SIMATIC STEP 7 (versions before 5.5 SP1) or SIMATIC PCS 7 (version 7.1 SP3 or earlier) on their workstations to develop, test, or modify PLC and control system logic for water treatment plants, SCADA systems, or manufacturing processes.
How it could be exploited
An attacker would need to trick a user into opening a malicious file (likely a DLL or project file) on an engineering workstation running SIMATIC STEP 7 or PCS 7. When the software processes the file, the attacker's code executes within the engineering environment, potentially allowing them to modify control logic or steal configuration data.
Prerequisites
- User with SIMATIC STEP 7 or PCS 7 installed on engineering workstation
- User must open or load a malicious file through the affected application
- No special credentials or administrative access required if user already has STEP 7/PCS 7 access
- No patch available
- Affects engineering workstations with code-execution capability
- Social engineering required (user must open malicious file)
- Legacy/unsupported software
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
SIMATIC STEP 7 | < V5.5 Service Pack 1 (V5.5.1 equivalent) | V5.5 Service Pack 1 (V5.5.1) or later
SIMATIC PCS 7 | ≤ V7.1 SP3 | V7.1 SP3 or later
Remediation & Mitigation
Do now
WORKAROUND: Restrict file sharing and email attachments to engineering workstations; educate users not to open untrusted files in STEP 7 or PCS 7
Long-term hardening
HARDENING: Implement network segmentation to isolate engineering workstations from production networks and untrusted sources
HARDENING: Consider migrating to current-generation Siemens engineering tools (STEP 7 v15+, TIA Portal), as these older versions are no longer supported
CVEs (1)