OTPulse

Siemens SIMATIC WinCC V7

Plan Patch · 7.8 · ICS-CERT ICSA-23-166-07 · Jun 13, 2023
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

SIMATIC WinCC V7 is vulnerable to local code injection and privilege escalation if installed to a non-default installation path. The vulnerability stems from improper file system permissions on the installation folder, allowing a local attacker to inject arbitrary code with application server privileges. An attacker could then modify process parameters, alter alarms, or compromise data integrity within the HMI system.

What this means
What could happen
A local attacker with low-level access could inject malicious code into SIMATIC WinCC V7 if installed to a non-default path, potentially compromising the HMI and altering process parameters, alarming, or logging without authorization.
Who's at risk
Water authorities and utilities using SIMATIC WinCC V7 as their HMI platform should assess their risk if WinCC is installed on any server or engineering workstation with local access from plant floor staff or maintenance personnel.
How it could be exploited
An attacker with local system access exploits improper file permissions on a non-default WinCC installation folder to inject arbitrary code. The injected code runs with application server privileges, allowing the attacker to read/modify sensitive configuration and process data, or disrupt HMI operations.
Prerequisites
  • Local access to the server or workstation hosting SIMATIC WinCC
  • WinCC installed to a non-default installation path (not Program Files)
  • File system permissions on the installation folder less restrictive than default Program Files permissions
  • Requires local access (not remotely exploitable)
  • Requires non-standard installation configuration
  • Affects HMI platform with access to process setpoints and alarms
  • Low EPSS score but privilege escalation potential
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
SIMATIC WinCC | <V7.5.2.13 | 7.5.2.13
Remediation & Mitigation
Do now
HARDENING: If not already installed to default path, verify installation folder permissions match Program Files folder permissions
HARDENING: Restrict physical and administrative access to the WinCC application server to authorized personnel only
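One way to carry out the folder permission check from the first hardening item, as an added example that is not code from Siemens or from this advisory. The install path `D:\Apps\WinCC` is a placeholder and `Get-WritablePrincipal` is a hypothetical helper name; the script lists principals that can write to the install folder but cannot write to Program Files.

```powershell
# Added example: compare write access on a non-default WinCC install folder
# against the Program Files baseline.
param(
    # Assumption: placeholder path, replace with the real non-default install folder.
    [string]$InstallPath  = 'D:\Apps\WinCC',
    [string]$BaselinePath = $env:ProgramFiles
)

# Rights that let a principal plant or replace files, plus the raw
# GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) bits, which
# Get-Acl can return unmapped on inherit-only entries.
$named = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = ([int]$named) -bor 0x10000000 -bor 0x40000000

function Get-WritablePrincipal {
    param([string]$Path)
    # Return the unique identities holding an Allow rule with any write-type right.
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.FileSystemRights) -band $writeMask) -ne 0
        } |
        ForEach-Object { $_.IdentityReference.Value } |
        Sort-Object -Unique
}

$baseline = Get-WritablePrincipal -Path $BaselinePath
$install  = Get-WritablePrincipal -Path $InstallPath

# Anything writable here that is not writable on Program Files is a deviation.
$extra = $install | Where-Object { $_ -notin $baseline }

if ($extra) {
    Write-Warning "Write access on '$InstallPath' exceeds '$BaselinePath' for:"
    $extra | ForEach-Object { "  $_" }
    exit 1
}
"No additional write-capable principals on '$InstallPath'."
```

The script inspects only the top-level folder ACL, so subfolders with inheritance disabled need the same check run against them.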
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update SIMATIC WinCC to version 7.5.2.13 or later
Long-term hardening
HARDENING: Use default installation path (Program Files) when installing or reinstalling SIMATIC WinCC V7