ICSA-17-306-01 Siemens SIMATIC PCS 7 (Update A)
Monitor | 4.9 | ICS-CERT ICSA-17-306-01 | Oct 18, 2017
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary
SIMATIC PCS 7 contains an out-of-bounds write vulnerability (CWE-787) in versions V8.1 (before V8.1 SP1 with WinCC V7.3 Upd 13) and V8.2 (before V8.2 SP1). An attacker with high-level privileges could cause a denial of service by crashing the application. The vulnerability does not affect real-time control modules but impacts the engineering and supervisory layer used for system configuration, monitoring, and operations.
What this means
What could happen
An attacker with high-level privileges could cause a denial of service on the PCS 7 engineering workstation or server, disrupting plant supervision, configuration, and monitoring capabilities.
Who's at risk
Water utilities and electric utilities running Siemens SIMATIC PCS 7 V8.1 or V8.2 for supervisory control and process monitoring. This affects engineering workstations and supervisory servers used by operators and engineers to manage industrial processes.
How it could be exploited
An attacker with administrative or high-privilege credentials on the network could exploit a memory corruption issue to crash the SIMATIC PCS 7 application or its components. This requires network access to the PCS 7 system and existing high-level privileges.
Prerequisites
- Network access to SIMATIC PCS 7 system
- High-level/administrative privileges (engineer or administrator account)
- Local or network access to the affected SIMATIC PCS 7 application
- Requires high-level privileges to exploit
- No known public exploits
- Memory corruption vulnerability
- Could disrupt process supervision and monitoring
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (2)
2 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| SIMATIC PCS 7 V8.1 | < V8.1 SP1 with WinCC V7.3 Upd 13 | V8.1 SP1 with WinCC V7.3 Upd 13 or later |
| SIMATIC PCS 7 V8.2 | < V8.2 SP1 | V8.2 SP1 or later |
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
SIMATIC PCS 7 V8.1
HOTFIX: Update SIMATIC PCS 7 V8.1 to V8.1 SP1 with WinCC V7.3 Upd 13 or later
SIMATIC PCS 7 V8.2
HOTFIX: Update SIMATIC PCS 7 V8.2 to V8.2 SP1 or later
Long-term hardening
- HARDENING: Implement network cell protection concept to segment PCS 7 from other systems
- HARDENING: Deploy VPN for protecting network communication between cells
- HARDENING: Configure firewall rules to restrict network access to SIMATIC PCS 7 systems
- HARDENING: Isolate control system network from business network and Internet
CVEs (1)