Siemens Industrial Products
MonitorCVSS 6.5ICS-CERT ICSA-24-137-13May 14, 2024
SiemensManufacturing
Attack path
Attack VectorLocal
Auth RequiredLow
ComplexityLow
User InteractionNone needed
Summary
An out-of-bounds read vulnerability in multiple Siemens industrial automation products (TIA Portal, WinCC, SIMATIC BATCH, SIMATIC PDM, SIMATIC Route Control, SIMATIC PCS 7, WinCC OA, and other engineering and HMI tools) allows a local attacker to trigger a Blue Screen of Death (BSOD) crash of the Windows kernel running the software. This results in a denial of service condition, taking the affected engineering workstation or supervisory system offline. The vulnerability is present across many versions of these products; Siemens has released fixes for some versions but not others.
What this means
What could happen
An attacker with local access to an engineering workstation running affected Siemens software could trigger an out-of-bounds read that crashes the Windows kernel, forcing the machine offline and disrupting engineering, monitoring, or automation activities.
Who's at risk
Manufacturing organizations and utilities using Siemens automation and control software should prioritize this for engineering workstations and supervisory systems. Affected products include TIA Portal (the main engineering IDE), WinCC (HMI/SCADA software), SIMATIC automation tools, SINUMERIK PLC tools, and plant-wide systems like PCS 7. This impacts anyone who engineers, maintains, or monitors automated systems using these widely deployed Siemens products.
How it could be exploited
An attacker with local access to a machine running the affected software (such as TIA Portal, WinCC, or SIMATIC tools) could trigger the out-of-bounds read vulnerability by processing a specially crafted input or project file. This causes the kernel to crash (Blue Screen of Death), taking the machine offline and halting any automation engineering, HMI monitoring, or control system work running on it.
Prerequisites
- Local access to the engineering workstation or supervisory system
- Affected Siemens product installed (TIA Portal, WinCC, SIMATIC BATCH, SIMATIC PDM, etc.)
- Ability to provide input or load a project file processed by the vulnerable software
Local access only (requires physical or authorized network access to workstation)Low complexity to exploitAffects engineering workstations and supervisory systems critical to operationsNo patch available for several product versions (SCT, WinCC OA V3.17, WinCC V7.4, TIA Portal V15.1 and V16)Vulnerability is stable and reproducible (RC:C)
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (32)
26 with fix6 pending
ProductAffected VersionsFix Status
Security Configuration Tool (SCT)All versionsNo fix yet
SIMATIC Automation Tool<V5.0 SP25.0 SP2
SIMATIC BATCH V9.1<V9.1 SP2 Upd59.1 SP2 Upd5
SIMATIC NET PC Software V16<V16 Update 816 Update 8
SIMATIC NET PC Software V17All versionsNo fix yet
Remediation & Mitigation
0/28
Do now
0/1HARDENINGRestrict physical and local access to engineering workstations and supervisory systems running affected software to authorized personnel only
Schedule — requires maintenance window
0/26Patching may require device reboot — plan for process interruption
SIMATIC Automation Tool
HOTFIXUpdate SIMATIC Automation Tool to V5.0 SP2 or later
SIMATIC NET PC Software V16
HOTFIXUpdate SIMATIC NET PC Software V16 to Update 8 or later
SIMATIC NET PC Software V18
HOTFIXUpdate SIMATIC NET PC Software V18 to SP1 or later
SIMATIC NET PC Software V19
HOTFIXUpdate SIMATIC NET PC Software V19 to Update 2 or later
SIMATIC PCS 7 V9.1
HOTFIXUpdate SIMATIC PCS 7 V9.1 to SP2 UC05 or later
SIMATIC PDM V9.2
HOTFIXUpdate SIMATIC PDM V9.2 to SP2 Upd3 or later
SIMATIC Route Control V9.1
HOTFIXUpdate SIMATIC Route Control V9.1 to SP2 Upd3 or later
SIMATIC S7-PCT
HOTFIXUpdate SIMATIC S7-PCT to V3.5 SP3 Update 6 or later
SIMATIC STEP 7 V5
HOTFIXUpdate SIMATIC STEP 7 V5 to V5.7 SP3 or later
SIMATIC WinCC OA V3.18
HOTFIXUpdate SIMATIC WinCC OA V3.18 to P025 or later
SIMATIC WinCC OA V3.19
HOTFIXUpdate SIMATIC WinCC OA V3.19 to P010 or later
SIMATIC WinCC Runtime Advanced
HOTFIXUpdate SIMATIC WinCC Runtime Advanced to V17 Update 8 or later
SIMATIC WinCC Runtime Professional V16
HOTFIXUpdate SIMATIC WinCC Runtime Professional V16 to Update 6 or later
SIMATIC WinCC Runtime Professional V17
HOTFIXUpdate SIMATIC WinCC Runtime Professional V17 to Update 8 or later
SIMATIC WinCC Runtime Professional V18
HOTFIXUpdate SIMATIC WinCC Runtime Professional V18 to Update 4 or later
SIMATIC WinCC Runtime Professional V19
HOTFIXUpdate SIMATIC WinCC Runtime Professional V19 to Update 2 or later
SIMATIC WinCC V7.5
HOTFIXUpdate SIMATIC WinCC V7.5 to SP2 Update 17 or later
SIMATIC WinCC V8.0
HOTFIXUpdate SIMATIC WinCC V8.0 to Update 5 or later
SINAMICS Startdrive
HOTFIXUpdate SINAMICS Startdrive to V19 SP1 or later
SINUMERIK ONE virtual
HOTFIXUpdate SINUMERIK ONE virtual to V6.23 or later
SINUMERIK PLC Programming Tool
HOTFIXUpdate SINUMERIK PLC Programming Tool to V3.3.12 or later
TIA Portal Cloud Connector
HOTFIXUpdate TIA Portal Cloud Connector to V2.0 or later
Totally Integrated Automation Portal (TIA Portal) V15.1
HOTFIXUpdate TIA Portal V17 to Update 8 or later
HOTFIXUpdate TIA Portal V18 to Update 4 or later
HOTFIXUpdate TIA Portal V19 to Update 2 or later
All products
HOTFIXUpdate SIMATIC BATCH to V9.1 SP2 Upd5 or later
Long-term hardening
0/1HARDENINGSegregate engineering and supervisory networks from business networks using firewalls and network segmentation
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/c45608bd-6ca3-4457-9747-75295910a8d1Get OT security insights every Tuesday
Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.