ICSA-19-134-02 Siemens SIMATIC WinCC and SIMATIC PCS 7

Plan PatchCVSS 9.8ICS-CERT ICSA-19-134-02May 14, 2019

Siemens

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

SIMATIC WinCC and SIMATIC PCS 7 lack proper authentication controls, allowing unauthenticated access to critical functionality. WinCC is a supervisory control and data acquisition (SCADA) human-machine interface (HMI) software, and PCS 7 is an industrial process control system. The vulnerability exists across multiple versions, with WinCC v7.2 and earlier, and PCS 7 v8.0 and earlier reaching end-of-support status without patches. Newer versions (WinCC v7.3+, PCS 7 v8.1+) have the vulnerability but no patch is planned.

What this means

What could happen

An attacker with network access to your WinCC or PCS 7 system could execute arbitrary operations without authentication, potentially modifying process parameters, stopping operations, or collecting sensitive control data from your water or electrical infrastructure.

Who's at risk

Water utilities, electrical utilities, and any organization running Siemens SIMATIC WinCC (industrial HMI software) or SIMATIC PCS 7 (process control system) for SCADA, manufacturing, or critical process management should assess their exposure. This affects both legacy systems (v7.2 and v8.0) and newer supported versions with no available patch.

How it could be exploited

An attacker connects to the WinCC or PCS 7 system over the network (Ethernet, VPN, or internet if exposed) and sends commands to manipulate the control system without providing valid credentials. No special tools are required; the weak authentication design allows direct command injection to alter setpoints, disable alarms, or shut down processes.

Prerequisites

Network access to the WinCC or PCS 7 system (port 102 for S7 communication or web interface ports)
No valid credentials required
System must be reachable from the attacker's network segment

remotely exploitableno authentication requiredlow complexityno patch availableaffects safety systems

Exploitability

Some exploitation risk — EPSS score 1.3%

Affected products (4)

2 pending2 EOL

ProductAffected VersionsFix Status

SIMATIC WinCC V7.2 and earlierAll versionsNo fix (EOL)

SIMATIC PCS 7 V8.1 and newerAll versionsNo fix yet

SIMATIC WinCC V7.3 and newerAll versionsNo fix yet

SIMATIC PCS 7 V8.0 and earlierAll versionsNo fix (EOL)

Remediation & Mitigation

0/6

Do now

0/2

HARDENINGEnable 'Encrypted Communications' in SIMATIC WinCC and PCS 7 to protect traffic in transit

WORKAROUNDRestrict network access to WinCC and PCS 7 systems using firewalls; do not expose them to the internet

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXIf running WinCC v7.2 or earlier, upgrade to v7.3 or newer

HOTFIXIf running PCS 7 v8.0 or earlier, upgrade to v8.1 or newer

Mitigations - no patch available

0/2

The following products have reached End of Life with no planned fix: SIMATIC WinCC V7.2 and earlier, SIMATIC PCS 7 V8.0 and earlier. Apply the following compensating controls:

HARDENINGIsolate SIMATIC control systems behind firewalls and on a separate industrial network segment from business IT

HARDENINGIf remote access is needed, use a VPN with current security patches and strong authentication

CVEs (1)

CVE-2019-10922

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/3ae52a43-8960-4577-a095-0d475d544eca

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.