Siemens SIMATIC WinCC
Monitor | 5.9 | ICS-CERT ICSA-24-193-16 | Jul 9, 2024
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary
Multiple versions of SIMATIC WinCC and SIMATIC PCS 7 do not properly validate requests to their web applications (WinCC WebNavigator, PCS 7 Web Server, and PCS 7 Web Diagnostics Server), allowing unauthenticated remote attackers to retrieve sensitive information such as usernames and passwords. The vulnerability requires high attack complexity but could lead to unauthorized access to control system engineering workstations if credentials are compromised.
What this means
What could happen
An attacker could retrieve sensitive information such as usernames and passwords from the WinCC web interface without logging in, potentially gaining unauthorized access to the control system's engineering workstations or administrative functions.
Who's at risk
Water utilities and electric utilities using Siemens SIMATIC WinCC or PCS 7 for supervisory control and monitoring. Any organization running the WinCC web interface (WebNavigator or Web Server components) that is exposed to internal networks or the internet is at risk of credential theft.
How it could be exploited
An attacker on the network accesses the WinCC WebNavigator, PCS 7 Web Server, or PCS 7 Web Diagnostics Server through a web browser and sends specially crafted requests that bypass authentication checks, causing the web application to leak sensitive data like credentials in responses.
Prerequisites
- Network access to the WinCC web application port (typically HTTP/HTTPS)
- WinCC WebNavigator, PCS 7 Web Server, or PCS 7 Web Diagnostics Server exposed on the network
- Vulnerable version of SIMATIC WinCC or PCS 7 running
Remotely exploitable, No authentication required, High attack complexity, Credential disclosure, Affects supervisory control systems
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (6)
6 with fix
| Product | Affected Versions | Fix Status |
|---|---|---|
| SIMATIC PCS 7 V9.1 | <V9.1 SP2 UC05 | 9.1 SP2 UC05 |
| SIMATIC WinCC Runtime Professional V18 | <V18 Update 5 | 18 Update 5 |
| SIMATIC WinCC Runtime Professional V19 | <V19 Update 2 | 19 Update 2 |
| SIMATIC WinCC V7.4 | <V7.4 SP1 Update 23 | 7.4 SP1 Update 23 |
| SIMATIC WinCC V7.5 | <V7.5 SP2 Update 17 | 7.5 SP2 Update 17 |
| SIMATIC WinCC V8.0 | <V8.0 Update 5 | 8.0 Update 5 |
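To triage an asset inventory against the fixed versions listed above, the following added example (not part of the advisory and not Siemens code) parses version strings and flags hosts below the fix level. The version-string grammar, the treatment of "UC" as the update slot, and the sample hostnames and installed versions are assumptions made for illustration.

```python
import re

# Fixed versions copied from the advisory's affected-products table.
FIXED = {
    "SIMATIC PCS 7 V9.1": "9.1 SP2 UC05",
    "SIMATIC WinCC Runtime Professional V18": "18 Update 5",
    "SIMATIC WinCC Runtime Professional V19": "19 Update 2",
    "SIMATIC WinCC V7.4": "7.4 SP1 Update 23",
    "SIMATIC WinCC V7.5": "7.5 SP2 Update 17",
    "SIMATIC WinCC V8.0": "8.0 Update 5",
}
# Assumed grammar: [V]major[.minor] [SPn] [Update n | UCnn]
_VER = re.compile(r"^V?(\d+)(?:\.(\d+))?(?:\s+SP(\d+))?(?:\s+(?:Update|UC)\s*(\d+))?$", re.I)

def parse_version(text):
    """Return (major, minor, service_pack, update); absent parts count as 0."""
    m = _VER.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected(product, installed):
    """True if installed is below the fixed version for that product line."""
    fixed, have = parse_version(FIXED[product]), parse_version(installed)
    if have[:2] != fixed[:2]:  # version belongs to a different product line
        raise ValueError(f"{installed!r} does not match {product!r}")
    return have < fixed

def triage(inventory):
    """Map host -> AFFECTED / FIXED, or REVIEW when a row cannot be judged."""
    report = {}
    for host, product, installed in inventory:
        try:
            report[host] = "AFFECTED" if is_affected(product, installed) else "FIXED"
        except (KeyError, ValueError):
            report[host] = "REVIEW"  # never treat an unparsed row as safe
    return report

# Constructed sample inventory (hostnames and installed versions are made up).
SAMPLE_INVENTORY = [
    ("es-01", "SIMATIC WinCC V7.5", "V7.5 SP2 Update 16"),
    ("es-02", "SIMATIC WinCC V7.5", "V7.5 SP2 Update 17"),
    ("os-01", "SIMATIC PCS 7 V9.1", "V9.1 SP2 UC04"),
    ("hmi-01", "SIMATIC WinCC Runtime Professional V19", "V19 Update 2"),
    ("hmi-02", "SIMATIC WinCC V8.0", "8.0.0.5 build"),
    ("es-03", "SIMATIC WinCC V7.4", "V7.5 SP2 Update 17"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:8} {status}")
```

Rows that cannot be parsed, or whose installed version does not belong to the named product line, are marked REVIEW rather than FIXED so they get checked by hand.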
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to WinCC web applications (WebNavigator, Web Server, Web Diagnostics) to trusted users and systems only, using firewall rules or access control lists
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
SIMATIC PCS 7 V9.1
HOTFIX: Update SIMATIC PCS 7 V9.1 to version 9.1 SP2 UC05 or later
SIMATIC WinCC Runtime Professional V18
HOTFIX: Update SIMATIC WinCC Runtime Professional V18 to version 18 Update 5 or later
SIMATIC WinCC Runtime Professional V19
HOTFIX: Update SIMATIC WinCC Runtime Professional V19 to version 19 Update 2 or later
SIMATIC WinCC V7.4
HOTFIX: Update SIMATIC WinCC V7.4 to version 7.4 SP1 Update 23 or later
SIMATIC WinCC V7.5
HOTFIX: Update SIMATIC WinCC V7.5 to version 7.5 SP2 Update 17 or later
SIMATIC WinCC V8.0
HOTFIX: Update SIMATIC WinCC V8.0 to version 8.0 Update 5 or later
Long-term hardening
HARDENING: Segment the control system network so WinCC web applications are not directly accessible from untrusted networks
CVEs (1)