OTPulse

Siemens OPC Foundation Local Discovery Server Affecting Siemens Products

Plan Patch | CVSS 7.8 | ICS-CERT ICSA-24-102-08 | Apr 11, 2023
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

A vulnerability in the OPC Foundation Local Discovery Server component affects multiple Siemens industrial automation products. An attacker with local low-privilege user account access could exploit an input validation flaw to escalate privileges to administrative level. The vulnerability affects OpenPCS 7 V9.1, SIMATIC NET PC Software (V14 through V18), SIMATIC WinCC (versions prior to 8.0 and Runtime Professional variants), SIMATIC Process Historian (2020 and 2022 OPC UA Server), and TeleControl Server Basic V3. Siemens has released patches for SIMATIC NET PC Software V16–V18, SIMATIC WinCC variants, and TeleControl Server Basic V3, but no fixes are available for OpenPCS 7 V9.1 or SIMATIC Process Historian versions.

What this means
What could happen
A vulnerability in the OPC Foundation Local Discovery Server could allow an attacker with local access to escalate privileges, potentially gaining control over process automation functions in SCADA systems and engineering workstations.
Who's at risk
This affects organizations running Siemens SCADA and HMI systems, specifically: engineering workstations running SIMATIC NET PC Software (versions 14–18) or SIMATIC WinCC (versions prior to 8.0), process historians (SIMATIC Process Historian 2020 and 2022), and legacy automation systems (OpenPCS 7 V9.1 and TeleControl Server Basic V3). Water utilities and electric utilities with Siemens automation infrastructure are at risk.
How it could be exploited
An attacker with local access to a device running affected Siemens OPC software must have low-level user credentials (non-administrative). They can exploit an input validation flaw in the Local Discovery Server component to escalate privileges to administrative level, allowing them to modify process setpoints, alter system configurations, or disable safety interlocks.
Prerequisites
  • Local access to the affected device
  • Low-privilege user account credentials
  • OPC Foundation Local Discovery Server component running
Risk factors
  • Low-privilege local access required
  • Input validation vulnerability
  • High CVSS score (7.8)
  • Multiple versions with no fix available
  • Affects engineering workstations and control system components
  • Privilege escalation could compromise process automation
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (12)
7 with fix, 5 EOL
Product | Affected Versions | Fix Status
SIMATIC NET PC Software V16 | < V16 Update 8 | 16 Update 8
SIMATIC NET PC Software V17 | < V17 SP1 Update 1 | 17 SP1 Update 1
SIMATIC NET PC Software V18 | < V18 Update 1 | 18 Update 1
SIMATIC WinCC | < 8.0 | 8.0
SIMATIC WinCC Runtime Professional | < V18 Update 2 | 18 Update 2
SIMATIC WinCC Unified PC Runtime V18 | < V18.0 SP1 Update 1 | 18.0 SP1 Update 1
TeleControl Server Basic V3 | < 3.1.2 | 3.1.2
OpenPCS 7 V9.1 | All versions | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict network access to OPC devices and engineering workstations using firewall rules or network segmentation
HARDENING: Enforce strong local access controls and limit low-privilege user accounts to essential personnel only
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

TeleControl Server Basic V3
HOTFIX: Update TeleControl Server Basic V3 to version 3.1.2 or later
SIMATIC NET PC Software V16
HOTFIX: Update SIMATIC NET PC Software V16 to Update 8 or later
SIMATIC NET PC Software V17
HOTFIX: Update SIMATIC NET PC Software V17 to SP1 Update 1 or later
SIMATIC NET PC Software V18
HOTFIX: Update SIMATIC NET PC Software V18 to Update 1 or later
SIMATIC WinCC
HOTFIX: Update SIMATIC WinCC to version 8.0 or later
HOTFIX: Update SIMATIC WinCC Runtime Professional to version 18 Update 2 or later
HOTFIX: Update SIMATIC WinCC Unified PC Runtime V18 to version 18.0 SP1 Update 1 or later
Mitigations - no patch available
The following products have reached End of Life with no planned fix: OpenPCS 7 V9.1, SIMATIC NET PC Software V14, SIMATIC NET PC Software V15, SIMATIC Process Historian 2020 OPC UA Server, SIMATIC Process Historian 2022 OPC UA Server. Apply the following compensating controls:
HARDENING: Configure network environment according to Siemens operational guidelines for industrial security