SIMATIC WinCC Graphics Designer

MonitorCVSS 6.2ICS-CERT ICSA-21-040-09Feb 9, 2021

Siemens

Attack path

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

SIMATIC WinCC Graphics Designer fails to properly restrict access to sensitive files, allowing an attacker with local file system access to read confidential project configuration data, HMI design files, and system documentation without authentication. The vulnerability exists in SIMATIC WinCC versions prior to 7.5 SP2. SIMATIC PCS 7 is affected because WinCC Graphics Designer is a component, but Siemens has stated it is not officially supported in PCS 7 and recommends disabling the feature. This is a local privilege escalation or information disclosure vulnerability with CVSS 6.2 (medium severity). No public exploits exist, and the vulnerability is not remotely exploitable.

What this means

What could happen

An attacker with local access to a system running affected versions of SIMATIC WinCC could read sensitive configuration or project files that contain confidential information. This vulnerability does not allow code execution or process manipulation, but exposes design documents and system configuration to unauthorized personnel.

Who's at risk

This vulnerability affects engineering and design teams who use SIMATIC WinCC Graphics Designer to create and modify HMI (Human Machine Interface) projects. It primarily impacts organizations running Siemens SIMATIC PCS 7 process control systems or standalone SIMATIC WinCC versions before 7.5 SP2. Utilities and manufacturing facilities with automated process control are the main concern.

How it could be exploited

An attacker must have local file system access to the machine running SIMATIC WinCC Graphics Designer. They can then read sensitive files that should be restricted to authorized engineers or project managers, such as HMI project files, process logic configurations, or system documentation.

Prerequisites

Local file system access to the computer running SIMATIC WinCC Graphics Designer
No special user credentials or authentication required for initial file access
SIMATIC WinCC version earlier than 7.5 SP2 installed

No authentication required for exploitationLow complexity attackSensitive information exposureOlder SIMATIC PCS 7 systems have no patch available

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (2)

1 with fix1 EOL

ProductAffected VersionsFix Status

SIMATIC WinCC: All<V7.5 SP27.5 SP2

SIMATIC PCS 7: All versionsAll versionsNo fix (EOL)

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGApply principle of least privilege: restrict user accounts to only the permissions needed for their specific role

HARDENINGImplement strict access control to the computers running SIMATIC WinCC Graphics Designer to prevent unauthorized local access

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SIMATIC WinCC to version 7.5 SP2 or later

WORKAROUNDFor SIMATIC PCS 7 systems, do not enable or use WinCC Graphics Designer feature; apply guidance in SIMATIC PCS 7 Compendium Part F

CVEs (1)

CVE-2020-10048

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/3b7aeb08-cb5f-4a58-ba8b-7cee0d849437

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.