Siemens SIMATIC WinCC
Monitor | 6.2 | ICS-CERT ICSA-24-102-02 | Apr 9, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A vulnerability in the login dialog box of SIMATIC WinCC could allow a local attacker to cause a denial of service condition, crashing the SCADA runtime. Affected versions include SIMATIC PCS 7 V9.1 before SP2 UC04, SIMATIC WinCC Runtime Professional V17, V18, and V19 before their respective updates, SIMATIC WinCC V7.5 before SP2 Update 16, and SIMATIC WinCC V8.0 before Update 5. The vulnerability is exploitable only with local access and is not remotely exploitable.
What this means
What could happen
A local attacker could crash the WinCC runtime system by exploiting the login dialog, causing loss of SCADA monitoring and control capability at your plant until the system restarts.
Who's at risk
Water utilities and municipal electric providers running Siemens SIMATIC WinCC as their SCADA HMI (human-machine interface) on operator stations are affected. This includes facilities using WinCC Runtime Professional versions 17 and 18 (for which no fix is currently available), as well as WinCC V8.0 and PCS 7 systems. Operator stations and supervisory workstations are the target.
How it could be exploited
An attacker with local access to a SIMATIC WinCC operator station or HMI system can trigger a denial of service condition through the login dialog box, rendering the runtime unavailable. This requires physical or local network access to the machine running WinCC.
Prerequisites
- Local access to the WinCC operator station or HMI machine
- Ability to interact with the login dialog box of the running SCADA system
- Locally exploitable
- No authentication required to trigger
- Low complexity to exploit
- Affects SCADA availability
- Patch unavailable for some product lines (WinCC Runtime Professional V17, V18, and WinCC V8.0)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (6)
6 with fix
| Product | Affected Versions | Fix Status |
|---|---|---|
| SIMATIC PCS 7 V9.1 | <V9.1 SP2 UC04 | 9.1 SP2 UC04 |
| SIMATIC WinCC Runtime Professional V17 | <V17 Update 8 | 17 Update 8 |
| SIMATIC WinCC Runtime Professional V18 | <V18 Update 4 | 18 Update 4 |
| SIMATIC WinCC Runtime Professional V19 | <V19 Update 1 | 19 Update 1 |
| SIMATIC WinCC V7.5 | <V7.5 SP2 Update 16 | 7.5 SP2 Update 16 |
| SIMATIC WinCC V8.0 | <V8.0 Update 5 | 8.0 Update 5 |
Remediation & Mitigation
Do now
WORKAROUND: Activate SIMATIC Logon in the User Administrator of SIMATIC PCS 7 Operator Stations
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
SIMATIC PCS 7 V9.1
HOTFIX: Update SIMATIC PCS 7 V9.1 to V9.1 SP2 UC04 or later
SIMATIC WinCC Runtime Professional V19
HOTFIX: Update SIMATIC WinCC Runtime Professional V19 to V19 Update 1 or later
SIMATIC WinCC V7.5
HOTFIX: Update SIMATIC WinCC V7.5 to V7.5 SP2 Update 16 or later
Long-term hardening
HARDENING: Restrict local and network access to operator stations and HMI systems to authorized personnel only
HARDENING: Isolate WinCC systems and control networks from business networks and the internet
CVEs (1)