OTPulse

ICSA-19-134-02 Siemens SIMATIC WinCC and SIMATIC PCS 7

Act Now | CVSS 9.8 | ICS-CERT ICSA-19-134-02 | May 14, 2019
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

SIMATIC WinCC and SIMATIC PCS 7 lack proper authentication controls, allowing unauthenticated access to critical functionality. WinCC is supervisory control and data acquisition (SCADA) human-machine interface (HMI) software, and PCS 7 is an industrial process control system. The vulnerability exists across multiple versions: WinCC v7.2 and earlier and PCS 7 v8.0 and earlier have reached end-of-support status without patches. Newer versions (WinCC v7.3+, PCS 7 v8.1+) also have the vulnerability, but no patch is planned.

What this means
What could happen
An attacker with network access to your WinCC or PCS 7 system could execute arbitrary operations without authentication, potentially modifying process parameters, stopping operations, or collecting sensitive control data from your water or electrical infrastructure.
Who's at risk
Water utilities, electrical utilities, and any organization running Siemens SIMATIC WinCC (industrial HMI software) or SIMATIC PCS 7 (process control system) for SCADA, manufacturing, or critical process management should assess their exposure. This affects both legacy systems (v7.2 and v8.0) and newer supported versions with no available patch.
How it could be exploited
An attacker connects to the WinCC or PCS 7 system over the network (Ethernet, VPN, or internet if exposed) and sends commands to manipulate the control system without providing valid credentials. No special tools are required; the weak authentication design allows direct command injection to alter setpoints, disable alarms, or shut down processes.
Prerequisites
  • Network access to the WinCC or PCS 7 system (port 102 for S7 communication or web interface ports)
  • No valid credentials required
  • System must be reachable from the attacker's network segment
Tags: remotely exploitable | no authentication required | low complexity | no patch available | affects safety systems
Exploitability
Moderate exploit probability (EPSS 1.3%)
Affected products (4)
2 pending, 2 EOL
Product | Affected Versions | Fix Status
SIMATIC WinCC V7.2 and earlier | All versions | No fix (EOL)
SIMATIC PCS 7 V8.1 and newer | All versions | No fix yet
SIMATIC WinCC V7.3 and newer | All versions | No fix yet
SIMATIC PCS 7 V8.0 and earlier | All versions | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Enable 'Encrypted Communications' in SIMATIC WinCC and PCS 7 to protect traffic in transit
WORKAROUND: Restrict network access to WinCC and PCS 7 systems using firewalls; do not expose them to the internet
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: If running WinCC v7.2 or earlier, upgrade to v7.3 or newer
HOTFIX: If running PCS 7 v8.0 or earlier, upgrade to v8.1 or newer
Mitigations - no patch available
The following products have reached End of Life with no planned fix: SIMATIC WinCC V7.2 and earlier, SIMATIC PCS 7 V8.0 and earlier. Apply the following compensating controls:
HARDENING: Isolate SIMATIC control systems behind firewalls and on a separate industrial network segment from business IT
HARDENING: If remote access is needed, use a VPN with current security patches and strong authentication
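
One way to verify the firewall and segmentation controls above against an exported flow or firewall log, as an added example that is not part of the advisory or of any Siemens tooling: it flags allowed connections to TCP port 102 on WinCC/PCS 7 hosts that originate outside the OT segment and the VPN pool. The CSV layout, zone names and every address are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# Assumed site layout, constructed for illustration; replace with your own zones.
ZONES = {
    "ot": ipaddress.ip_network("10.20.0.0/24"),            # industrial segment
    "vpn": ipaddress.ip_network("10.99.0.0/28"),           # remote-access VPN pool
    "business-it": ipaddress.ip_network("192.168.5.0/24"), # office network
}
TRUSTED_ZONES = {"ot", "vpn"}
SCADA_HOSTS = {"10.20.0.10", "10.20.0.11"}  # hypothetical WinCC / PCS 7 hosts
S7_PORT = 102  # S7 communication port listed under Prerequisites

# Constructed flow export, one record per line: src,dst,proto,dport,action
SAMPLE_FLOWS = """\
10.20.0.25,10.20.0.10,tcp,102,allow
10.99.0.5,10.20.0.11,tcp,102,allow
192.168.5.40,10.20.0.10,tcp,102,allow
203.0.113.77,10.20.0.11,tcp,102,allow
192.168.5.41,10.20.0.10,tcp,102,deny
192.168.5.40,10.20.0.10,tcp,443,allow
"""

def classify_source(src):
    """Map a source address to a known zone, or 'external' if it matches none."""
    ip = ipaddress.ip_address(src)
    for zone, net in ZONES.items():
        if ip in net:
            return zone
    return "external"

def audit_flows(text):
    """Return (severity, src, dst) for allowed S7 flows from untrusted zones."""
    findings = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 5:
            continue  # skip blank or malformed records
        src, dst, proto, dport, action = (field.strip() for field in row)
        if dst not in SCADA_HOSTS or proto != "tcp" or int(dport) != S7_PORT:
            continue
        if action != "allow":
            continue  # the firewall already blocks this path
        zone = classify_source(src)
        if zone not in TRUSTED_ZONES:
            severity = "critical" if zone == "external" else "high"
            findings.append((severity, src, dst))
    return findings

if __name__ == "__main__":
    for severity, src, dst in audit_flows(SAMPLE_FLOWS):
        print(f"{severity}: {src} -> {dst}:{S7_PORT} allowed from outside OT/VPN")
```
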