OTPulse

ICSA-18-254-04 Siemens SIMATIC WinCC OA

Act Now · CVSS 9.1 · ICS-CERT ICSA-18-254-04 · Sep 11, 2018
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

SIMATIC WinCC OA v3.14 and prior contain an improper access control vulnerability (CWE-269) that allows unauthenticated remote attackers to execute arbitrary commands on the WinCC OA server. The vulnerability requires only network connectivity and no user interaction. No public exploits are known at this time.

What this means
What could happen
An attacker could execute arbitrary commands on the SIMATIC WinCC OA server, enabling them to modify process settings, alter alarms, or shut down the visualization and control system that operators rely on to monitor and manage water/power infrastructure.
Who's at risk
Organizations operating SIMATIC WinCC OA (versions 3.14 and earlier) should be concerned. This affects water utilities, power utilities, and any industrial operator using WinCC OA as their primary supervisory control and data acquisition (SCADA) visualization platform.
How it could be exploited
An attacker with network access to the SIMATIC WinCC OA server can send a specially crafted request to exploit an improper access control vulnerability (CWE-269) and execute arbitrary commands without needing credentials or user interaction.
Prerequisites
  • Network access to the SIMATIC WinCC OA server
  • SIMATIC WinCC OA v3.14 or earlier installed
Remotely exploitable · No authentication required · Low complexity attack · High CVSS score (9.1) · No patch available for v3.14 and prior
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (1)
Product: SIMATIC WinCC OA V3.14 and prior
Affected Versions: <V3.14-P021
Fix Status: v3.14-P021
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to SIMATIC WinCC OA servers using firewall rules; ensure the server is not directly reachable from the internet or untrusted networks
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update SIMATIC WinCC OA to v3.14-P021 or later
Long-term hardening
HARDENING: Place SIMATIC WinCC OA systems behind a firewall and isolate from the business network
HARDENING: If remote access is required, use a VPN with the latest security updates available
HARDENING: Review and follow the SIMATIC WinCC OA Security Guideline and Siemens operational security guidelines for defense-in-depth strategies