OTPulse

Siemens in OPC Foundation Local Discovery Server

Action: Plan Patch
CVSS: 7.8
Source: ICS-CERT ICSA-23-103-03
Date: Apr 11, 2023
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

A vulnerability in OPC Foundation Local Discovery Server affects multiple Siemens industrial products including SIMATIC WinCC, SIMATIC NET PC Software, Process Historian, and other SCADA components. The flaw stems from improper input validation (CWE-20) and allows a local user to escalate privileges under certain circumstances. Several products have no vendor fix available and are end-of-life.

What this means
What could happen
A local privilege escalation vulnerability in OPC Foundation Local Discovery Server could allow a logged-in user to gain elevated access on SCADA servers and engineering workstations, potentially enabling manipulation of control logic or unauthorized access to sensitive system configurations.
Who's at risk
Siemens SCADA systems and engineering workstations in water utilities, power generation, and manufacturing facilities. Specifically affects operators and system administrators using WinCC (SCADA visualization), SIMATIC NET (industrial networking), Process Historian (data logging), TeleControl (remote operations), and OpenPCS 7 environments.
How it could be exploited
An attacker with a local user account on an affected Siemens system (engineering workstation, SCADA server, or process historian) can exploit a validation flaw in the OPC-UA Local Discovery Server to escalate privileges and execute commands with elevated rights.
Prerequisites
  • Local user account on the affected system
  • OPC Foundation Local Discovery Server running on the system
  • No remote network access required
Key points
  • Local exploitation required
  • Affects SCADA engineering workstations and servers
  • End-of-life products without vendor fix available
  • Low EPSS score but privilege escalation impact is significant
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (12)
7 with fix, 5 EOL

Product                                       | Affected Versions | Fix Status
OpenPCS 7 V9.1                                | All versions      | No fix (EOL)
SIMATIC NET PC Software V14                   | All versions      | No fix (EOL)
SIMATIC NET PC Software V16                   | < V16 Update 8    | 16 Update 8
SIMATIC NET PC Software V15                   | All versions      | No fix (EOL)
SIMATIC Process Historian 2020 OPC UA Server  | All versions      | No fix (EOL)
SIMATIC Process Historian 2022 OPC UA Server  | < V2022 SP1       | No fix (EOL)
SIMATIC NET PC Software V17                   | < V17 SP1         | 17 SP1
SIMATIC NET PC Software V18                   | < V18 Update 1    | 18 Update 1
Remediation & Mitigation
Do now
  • HARDENING: Restrict local user account access on engineering workstations and SCADA servers to authorized personnel only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SIMATIC WinCC
  • HOTFIX: Update SIMATIC WinCC to version 8.0 or later
  • HOTFIX: Update SIMATIC WinCC Runtime Professional to version 18 Update 2 or later
  • HOTFIX: Update SIMATIC WinCC Unified PC Runtime to version 18.0 SP1 Update 1 or later
SIMATIC NET PC Software V16
  • HOTFIX: Update SIMATIC NET PC Software V16 to 16 Update 8 or later
SIMATIC NET PC Software V17
  • HOTFIX: Update SIMATIC NET PC Software V17 to 17 SP1 or later
SIMATIC NET PC Software V18
  • HOTFIX: Update SIMATIC NET PC Software V18 to 18 Update 1 or later
TeleControl Server Basic V3
  • HOTFIX: Update TeleControl Server Basic V3 to version 3.1.2 or later
All products
  • HOTFIX: Update OPC Foundation Unified Architecture Local Discovery Server to V1.04.405 or later where feasible
Mitigations - no patch available
The following products have reached End of Life with no planned fix: OpenPCS 7 V9.1, SIMATIC NET PC Software V14, SIMATIC NET PC Software V15, SIMATIC Process Historian 2020 OPC UA Server, SIMATIC Process Historian 2022 OPC UA Server. Apply the following compensating controls:
  • HARDENING: Implement network segmentation to isolate SCADA and engineering systems from the business network and the Internet
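A host check for the "All products" item above, added here as an example and not taken from the advisory, Siemens or the OPC Foundation: it reads the file version of the Local Discovery Server binary and compares it with the fixed version V1.04.405. It assumes the LDS is registered on Windows as the service "UALDS"; adjust the service name if your installation differs.

```powershell
# Added example, not from the advisory, Siemens or the OPC Foundation: check whether the
# OPC UA Local Discovery Server (LDS) on this Windows host is at or above the advisory's
# fixed version, V1.04.405. Assumption: the LDS is registered as the Windows service "UALDS".
$FixedVersion = [version]'1.04.405'   # from the advisory; [version] normalises this to 1.4.405

function Get-LdsPatchStatus {
    $svc = Get-CimInstance Win32_Service -Filter "Name='UALDS'"
    if (-not $svc) {
        return [pscustomobject]@{ Installed = $false; Running = $false; Version = $null
                                  MeetsFix = $null; Note = 'LDS service "UALDS" not found' }
    }
    # PathName is normally a quoted .exe path, possibly followed by arguments; isolate the exe.
    $exe = if ($svc.PathName -match '^"([^"]+)"')      { $Matches[1] }
           elseif ($svc.PathName -match '^(\S+\.exe)') { $Matches[1] }
           else                                        { $svc.PathName }
    $raw = (Get-Item -LiteralPath $exe).VersionInfo.FileVersion
    # FileVersion may read "1.04.405.0" or "1.4.405"; keep only the dotted numeric part.
    $installed = if ($raw -match '(\d+(?:\.\d+){1,3})') { [version]$Matches[1] } else { $null }
    if ($null -eq $installed) {
        $meets = $null;  $note = "Could not parse a version from '$raw'"
    } elseif ($installed -ge $FixedVersion) {
        $meets = $true;  $note = 'At or above V1.04.405'
    } else {
        $meets = $false; $note = 'Below V1.04.405: schedule the LDS update, or apply the compensating controls above'
    }
    [pscustomobject]@{
        Installed = $true
        Running   = ($svc.State -eq 'Running')
        Version   = $installed
        MeetsFix  = $meets
        Note      = $note
    }
}

Get-LdsPatchStatus | Format-List
```

Run it under an account allowed to query services and read the LDS install directory; a `MeetsFix` of `$false` on an EOL product line means the network segmentation and local-account restrictions listed above are the only controls left.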