Siemens SIMATIC WinCC Flexible Weakly Protected Credentials Vulnerability
Low Risk | 3.7 | ICS-CERT ICSA-16-161-02 | Mar 13, 2016
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary
SIMATIC WinCC flexible versions SP3_Up7 and earlier contain weakly protected credentials (CWE-522). The vulnerability allows disclosure of sensitive credential information through weak protection mechanisms.
What this means
What could happen
An attacker who obtains credential files from WinCC flexible could reuse those credentials to access the HMI system, potentially allowing unauthorized viewing or modification of process operations and alarms.
Who's at risk
Water authorities and electric utilities using SIMATIC WinCC flexible for HMI systems on their engineering workstations. Anyone with access to the engineering network or project files can potentially extract stored credentials.
How it could be exploited
An attacker must first gain access to credential storage files within WinCC flexible (local file access or network-accessible storage). Once obtained, the weak protection allows the credentials to be extracted and reused to authenticate to the HMI system remotely or locally.
Prerequisites
- Local or network file system access to WinCC flexible credential storage
- Access to the engineering workstation or project files where credentials are stored
- No patch available
- Weak credential protection
- Engineering workstation compromise could expose operational credentials
Exploitability
Low exploit probability (EPSS 0.8%)
Affected products (1)
Product | Affected Versions | Fix Status
SIMATIC WinCC flexible: <=SP3_Up7 | ≤ SP3 Up7 | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Implement strong access controls and file permissions on WinCC flexible workstations and project directories to prevent unauthorized credential file access
- WORKAROUND: Audit and rotate all HMI credentials currently stored in WinCC flexible projects to reduce reuse risk
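One way to check the file-permission item above, as an added example that is not part of the advisory or any Siemens tooling: it walks a project directory and reports allow entries that give broad Windows groups read access. The path `D:\HMI-Projects` and the function name `Get-BroadReadAce` are placeholders, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: flag project directories readable by broad Windows groups.
param(
    # Placeholder path (not from the advisory); set to your project storage.
    [string]$ProjectRoot = 'D:\HMI-Projects'
)

# Well-known SIDs, so the check does not depend on localized group names.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
# ReadData is the right that lets a principal read file contents.
$ReadMask = [int][System.Security.AccessControl.FileSystemRights]::ReadData

function Get-BroadReadAce {
    param([Parameter(Mandatory = $true)][string]$Path)
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $ReadMask) -eq 0) { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }  # account that no longer resolves to a SID
        if ($BroadSids.ContainsKey($sid)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $BroadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$root = (Get-Item -LiteralPath $ProjectRoot).FullName
$dirs = @($root) + @(Get-ChildItem -LiteralPath $root -Recurse -Directory |
                     ForEach-Object { $_.FullName })
# Report inherited entries once at the root; below it, only explicit grants.
$dirs | ForEach-Object { Get-BroadReadAce -Path $_ } |
    Where-Object { -not $_.Inherited -or $_.Path -eq $root } |
    Format-Table -AutoSize
```

An empty result means none of the three groups holds a read grant on the tree; entries for named users and service accounts still need manual review.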
Mitigations - no patch available
SIMATIC WinCC flexible: <=SP3_Up7 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Place WinCC flexible engineering workstations on a segregated network segment with restricted access from plant floor devices
- HARDENING: Consider using external authentication systems (Active Directory, LDAP) to reduce reliance on embedded WinCC credentials
CVEs (1)