OTPulse

Siemens SIMATIC WinCC and SIMATIC WinCC Runtime Professional

MonitorCVSS 4.9ICS-CERT ICSA-17-129-03May 9, 2017
Siemens
Attack path
Attack VectorNetwork
Auth RequiredHigh
ComplexityLow
User InteractionNone needed
Summary

A vulnerability in Siemens SIMATIC WinCC and SIMATIC WinCC Runtime Professional versions V14 (all versions before SP1), V13 (all versions before SP2), V7.4 (all versions before SP1), and V7.3 (all versions before Update 11) allows an authenticated remote attacker to cause a denial of service condition. The vulnerability stems from improper input validation (CWE-20). An attacker with administrative credentials can send specially crafted input to the application, causing it to crash or become unresponsive, disrupting SCADA visualization and operator monitoring capabilities.

What this means
What could happen
An attacker with administrative privileges can cause a denial of service (DoS) condition on WinCC and WinCC Runtime Professional, potentially stopping SCADA visualization and operator interface functionality that is critical to plant monitoring and control.
Who's at risk
Water utilities and electrical system operators running Siemens SIMATIC WinCC or WinCC Runtime Professional for SCADA visualization and plant monitoring should be concerned. This affects all versions: V14 (before SP1), V13 (before SP2), V7.4 (before SP1), and V7.3 (before Update 11). Any facility using these platforms for real-time operator interface is at risk.
How it could be exploited
An attacker with network access and high-level credentials (engineering or administrative account) sends malformed input to the WinCC or WinCC Runtime Professional application, triggering an input validation failure that crashes or hangs the service. This could disrupt operator visibility into running processes.
Prerequisites
  • Network access to WinCC or WinCC Runtime Professional service
  • High-privilege credentials (engineering workstation or administrative user account)
  • Knowledge of or ability to craft malformed input to trigger the validation failure
remotely exploitablerequires high-privilege credentialscauses denial of service to SCADA visualizationaffects HMI/operator interface systemslow attack complexity
Exploitability
Unlikely to be exploited — EPSS score 0.6%
Affected products (4)
4 pending
ProductAffected VersionsFix Status
V14: All< 14 SP1No fix yet
V13: All< 13 SP2No fix yet
V7.4: All< 7.4 SP1No fix yet
V7.3: All< 7.3 Update 11No fix yet
Remediation & Mitigation
0/6
Do now
0/2
HARDENINGRestrict network access to WinCC and WinCC Runtime Professional systems to authorized engineering and operations networks using firewalls or network segmentation
HARDENINGEnforce strong authentication and access controls; limit high-privilege credentials to users who require them for their role
Schedule — requires maintenance window
0/4

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade Siemens SIMATIC WinCC V14 to SP1 or later
HOTFIXUpgrade Siemens SIMATIC WinCC V13 to SP2 or later
HOTFIXUpgrade Siemens SIMATIC WinCC V7.4 to SP1 or later
HOTFIXUpgrade Siemens SIMATIC WinCC V7.3 to Update 11 or later
View full CISA ICS-CERT advisory
API: /api/v1/advisories/47a919a9-0bf3-463a-b176-f144e0e8d1a1

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.

Siemens SIMATIC WinCC and SIMATIC WinCC Runtime Professional | CVSS 4.9 - OTPulse