ICSA-19-192-02 Siemens SIMATIC WinCC and PCS7 (Update C)
Plan PatchCVSS 7.2ICS-CERT ICSA-19-192-02Jul 9, 2019
Siemens
Attack path
Attack VectorNetwork
Auth RequiredHigh
ComplexityLow
User InteractionNone needed
Summary
SIMATIC WinCC and PCS 7 contain an improper file upload validation vulnerability (CWE-434) that allows an attacker with engineering credentials to upload and execute malicious files on the HMI runtime or process control engineering environment. The vulnerability is present across multiple product lines and versions. Siemens has released patches for newer versions (WinCC v7.3 Upd 19, v7.4 SP1 Upd 11, v7.5 Upd 3, and corresponding PCS 7 variants), but older versions (WinCC v7.2 and earlier, PCS 7 v8.0 and earlier, and TIA Portal v13) will not receive fixes.
What this means
What could happen
An attacker with engineering credentials could upload malicious files to WinCC or PCS 7 runtime environments, potentially executing code that alters process control logic, changes operator interface displays, or disrupts plant operations.
Who's at risk
Operators and engineers at water utilities, power plants, and other critical infrastructure using Siemens SIMATIC WinCC (all versions 7.2–7.5) and SIMATIC PCS 7 (versions 8.0–9.0) for supervisory control and human–machine interfaces. This affects both standalone WinCC installations and WinCC components embedded in PCS 7 process control systems.
How it could be exploited
An attacker with valid engineering workstation credentials uploads a crafted file (improper file type validation) through the WinCC/PCS 7 engineering interface or runtime console. The file is accepted and executed by the supervisory control system, allowing code execution in the context of the runtime environment.
Prerequisites
- Valid engineering workstation credentials (administrator or engineering user account)
- Network access to the WinCC or PCS 7 engineering interface or runtime management console
- Knowledge of the target product version and file upload mechanisms
Requires valid engineering credentials (reduces but does not eliminate risk in environments with poor credential hygiene)No patch available for several versions (v8.0 and earlier PCS 7, v7.2 and earlier WinCC, v13 TIA Portal)Affects HMI and process control systems critical to plant availabilityFile upload validation weakness could be exploited post-compromise if engineering accounts are compromised
Exploitability
Unlikely to be exploited — EPSS score 0.5%
Affected products (14)
10 with fix4 EOL
ProductAffected VersionsFix Status
SIMATIC PCS 7 V9.0<V9.0 SP2 with WinCC V7.4 SP1 Upd11V9.0 SP2 with WinCC V7.4 SP1 Upd 11
SIMATIC WinCC V7.4<V7.4 SP1 Upd 11V7.4 SP1 Upd 11
SIMATIC PCS 7 V8.0 and earlierAll versionsNo fix (EOL)
SIMATIC PCS 7 V8.1<V8.1 with WinCC V7.3 Upd 19V8.1 with WinCC V7.3 Upd 19
SIMATIC PCS 7 V8.2<V8.2 SP1 with WinCC V7.4 SP1 Upd 11V8.2 SP1 with WinCC V7.4 SP1 Upd 11
SIMATIC WinCC Professional (TIA Portal V13)All versionsNo fix (EOL)
SIMATIC WinCC Professional (TIA Portal V14)<V14 SP1 Upd 9V14 SP1 Upd 9
SIMATIC WinCC Professional (TIA Portal V15)<V15.1 Upd 3V15.1 Upd 3
Remediation & Mitigation
0/13
Do now
0/1WORKAROUNDRestrict network access to WinCC and PCS 7 engineering interfaces and runtime consoles using firewall rules; allow only trusted engineering workstations
Schedule — requires maintenance window
0/10Patching may require device reboot — plan for process interruption
SIMATIC WinCC V7.3
HOTFIXUpdate SIMATIC WinCC v7.3 to version 7.3 Upd 19 or later
SIMATIC WinCC V7.4
HOTFIXUpdate SIMATIC WinCC v7.4 to version 7.4 SP1 Upd 11 or later
SIMATIC WinCC V7.5
HOTFIXUpdate SIMATIC WinCC v7.5 to version 7.5 Upd 3 or later
SIMATIC PCS 7 V8.1
HOTFIXUpdate SIMATIC PCS 7 v8.1 WinCC component to version 7.3 Upd 19 or later
SIMATIC PCS 7 V8.2
HOTFIXUpdate SIMATIC PCS 7 v8.2 WinCC component to version 7.4 SP1 Upd 11 or later
SIMATIC PCS 7 V9.0
HOTFIXUpdate SIMATIC PCS 7 v9.0 WinCC component to version 7.4 SP1 Upd 11 or later
SIMATIC WinCC Professional (TIA Portal V14)
HOTFIXUpdate SIMATIC WinCC Runtime Professional (TIA Portal v14) to version 14 SP1 Upd 9 or later
SIMATIC WinCC Professional (TIA Portal V15)
HOTFIXUpdate SIMATIC WinCC Runtime Professional (TIA Portal v15) to version 15.1 Upd 3 or later
SIMATIC WinCC Runtime Professional V14
HOTFIXUpdate SIMATIC WinCC Runtime Professional v14 to version 14.1 Upd 8 or later
SIMATIC WinCC Runtime Professional V15
HOTFIXUpdate SIMATIC WinCC Runtime Professional v15 to version 15.1 Upd 3 or later
Mitigations - no patch available
0/2The following products have reached End of Life with no planned fix: SIMATIC PCS 7 V8.0 and earlier, SIMATIC WinCC Professional (TIA Portal V13), SIMATIC WinCC Runtime Professional V13, SIMATIC WinCC V7.2 and earlier. Apply the following compensating controls:
HARDENINGImplement network segmentation to isolate control system networks from the business network and the Internet
HARDENINGUse defense-in-depth strategy: apply Siemens operational guidelines for industrial security and follow product security manuals
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/da679966-c1d7-435d-8aba-3983b154a43fGet OT security insights every Tuesday
Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.