OTPulse

Denial-of-Service Vulnerability in SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional and SIMATIC NET PC Software

Plan Patch | CVSS 7.5 | SSA-348629 | Mar 27, 2018
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A denial-of-service vulnerability exists in multiple SIMATIC software products due to improper handling of network input (CWE-20). Affected products include SIMATIC PCS 7, OpenPCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, SIMATIC BATCH, SIMATIC Route Control, and SIMATIC NET PC Software. An attacker can send specially crafted network packets to cause the software to become unresponsive or crash, disrupting visualization and control of industrial processes.

What this means
What could happen
An attacker can send specially crafted network packets to these control system software components to cause them to become unresponsive or crash, disrupting process visualization, historical data collection, and engineering workstations that manage plant operations.
Who's at risk
This affects organizations using Siemens SIMATIC control system software for process automation, including petrochemical refineries, pharmaceutical plants, water treatment facilities, power distribution systems, and batch manufacturing. Impact is primarily on engineering workstations (WinCC, PCS 7) and production control servers (SIMATIC NET) that manage and visualize plant operations.
How it could be exploited
An attacker sends malformed network traffic to a device or workstation running affected SIMATIC software on a network accessible to them. The vulnerability is in network packet handling, so no special credentials or user interaction are required. The software crashes or hangs, stopping its ability to display real-time process data or accept control commands.
Prerequisites
  • Network access to affected SIMATIC software (port not specified; depends on software role)
  • No authentication or credentials required
  • Victim software must be running on network-accessible system
  • Remotely exploitable over network
  • No authentication required
  • Low attack complexity
  • No patch available for older product versions (7.x and 8.0/8.1 in some cases)
  • Affects control system visualization and engineering infrastructure
  • Many installations stuck on older versions due to operational continuity requirements
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (27)
7 with fix, 20 pending
Product | Affected Versions | Fix Status
OpenPCS 7 V7.1 and earlier | All versions | No fix yet
OpenPCS 7 V8.0 | All versions | No fix yet
OpenPCS 7 V8.1 | < V8.1 Upd5 | No fix yet
OpenPCS 7 V8.2 | All versions | No fix yet
OpenPCS 7 V9.0 | < V9.0 Upd1 | No fix yet
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SIMATIC WinCC V7.4
HOTFIX: Update SIMATIC WinCC V7.4 to SP1 Update 4 or later
SIMATIC WinCC Runtime Professional V13
HOTFIX: Update SIMATIC WinCC Runtime Professional V13 to SP2 Update 2 or later
SIMATIC WinCC Runtime Professional V14
HOTFIX: Update SIMATIC WinCC Runtime Professional V14 to SP1 Update 5 or later
SIMATIC PCS 7 V8.2
HOTFIX: Update SIMATIC PCS 7 V8.2 to SP1 or later
SIMATIC PCS 7 V9.0
HOTFIX: Update SIMATIC PCS 7 V9.0 to SP1 or later
OpenPCS 7 V8.1
HOTFIX: Update OpenPCS 7 V8.1 to Update 5 or later
OpenPCS 7 V9.0
HOTFIX: Update OpenPCS 7 V9.0 to Update 1 or later
SIMATIC BATCH V8.0
HOTFIX: Update SIMATIC BATCH V8.0 to SP1 Update 21 or later
SIMATIC BATCH V8.1
HOTFIX: Update SIMATIC BATCH V8.1 to SP1 Update 16 or later
SIMATIC BATCH V9.0
HOTFIX: Update SIMATIC BATCH V9.0 to SP1 or later
SIMATIC NET PC Software V14
HOTFIX: Update SIMATIC NET PC Software V14 to SP1 Update 14 or later
SIMATIC NET PC Software V15
HOTFIX: Update SIMATIC NET PC Software V15 to SP1 or later
Long-term hardening
HARDENING: Apply network segmentation to limit access to engineering workstations and PCS 7 servers from untrusted network segments
HARDENING: Monitor network traffic for unusual or malformed packets destined to SIMATIC software ports