OTPulse

Vulnerability in Industrial Products

Plan Patch · 8.2 · SSA-535640 · Aug 30, 2017
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Multiple Siemens industrial products are affected by a denial-of-service vulnerability (CVE-2017-12069) in the OPC UA protocol stack's Discovery Service. An attacker can trigger remote resource consumption attacks by sending crafted requests to the OPC UA discovery service, causing the affected service to consume excessive CPU and memory resources. This impacts SIMATIC IT Production Suite, SIMATIC NET PC Software, SIMATIC PCS 7, and SIMATIC WinCC products.

What this means
What could happen
An attacker could send specially crafted OPC UA discovery service requests to trigger denial-of-service conditions on affected Siemens industrial servers, potentially interrupting production operations and engineering workstation access.
Who's at risk
Manufacturing facilities using Siemens SIMATIC IT Production Suite, SIMATIC NET PC Software, SIMATIC PCS 7, or SIMATIC WinCC for process monitoring and engineering should assess this risk. It affects both HMI servers and engineering workstations that expose OPC UA discovery services to the network.
How it could be exploited
An attacker on the network sends malicious OPC UA discovery requests to port 4840 (or the configured OPC UA discovery port) on Siemens products using the vulnerable OPC UA stack. The requests consume excessive resources (memory/CPU), causing the service to slow or become unresponsive, denying access to legitimate engineering and operational traffic.
Prerequisites
  • Network access to OPC UA discovery port (default port 4840 or configured alternative)
  • OPC UA discovery service enabled on the target device or server
  • No authentication required to trigger resource consumption
remotely exploitable · no authentication required · low complexity · affects engineering and HMI systems · multiple products with no patch available
Exploitability
Low exploit probability (EPSS 0.9%)
Affected products (6)
3 with fix · 3 EOL
Product | Affected Versions | Fix Status
SIMATIC IT Production Suite | All Versions ≥ V6.5 and < V7.1 | 7.1
SIMATIC NET PC Software V14 | < V14 SP1 Update 14 | 14 SP1 Update 14
SIMATIC WinCC Runtime Professional V14 | All Versions < V14 SP1 | 14 SP1
SIMATIC PCS 7 | Versions V8.0, V8.1 | No fix (EOL)
SIMATIC WinCC | All Versions < V7.2 | No fix (EOL)
SIMATIC WinCC Runtime Professional V13 | All Versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Disable OPC UA discovery service if not required for operations
HARDENING: Restrict network access to OPC UA discovery ports (default 4840) at the firewall to only authorized engineering and integration systems
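
One way to check the hardening step above against an existing rule set, as an added example that is not part of the advisory or any Siemens tooling: it flags inbound allow rules that open TCP 4840 to sources outside the authorized engineering networks. The rule format, rule names and addresses are constructed assumptions.

```python
import ipaddress

OPCUA_DISCOVERY_PORT = 4840  # default from the advisory; change if reconfigured

def port_matches(spec, port):
    """True if a port spec ('any', '4840', '4000-5000', '102,4840') covers port."""
    spec = spec.strip().lower()
    if spec == "any":
        return True
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def source_is_authorized(src, authorized):
    """True if the rule's source range lies entirely inside an authorized network."""
    if src.strip().lower() == "any":
        return False
    net = ipaddress.ip_network(src, strict=False)
    return any(net.version == a.version and net.subnet_of(a) for a in authorized)

def audit_rules(rules, authorized_cidrs, port=OPCUA_DISCOVERY_PORT):
    """Return names of allow rules that expose `port` beyond the authorized networks."""
    authorized = [ipaddress.ip_network(c) for c in authorized_cidrs]
    findings = []
    for rule in rules:
        if rule["action"] != "allow" or rule["proto"] not in ("tcp", "any"):
            continue
        if port_matches(rule["dst_port"], port) and not source_is_authorized(rule["src"], authorized):
            findings.append(rule["name"])
    return findings

# Constructed sample rule export (hypothetical format, names and addresses).
SAMPLE_RULES = [
    {"name": "eng-ws-opcua", "action": "allow", "proto": "tcp", "src": "10.20.30.0/28", "dst_port": "4840"},
    {"name": "legacy-any-opcua", "action": "allow", "proto": "tcp", "src": "any", "dst_port": "4840"},
    {"name": "office-wide-range", "action": "allow", "proto": "tcp", "src": "10.0.0.0/8", "dst_port": "4000-5000"},
    {"name": "s7-only", "action": "allow", "proto": "tcp", "src": "any", "dst_port": "102"},
    {"name": "deny-rest", "action": "deny", "proto": "any", "src": "any", "dst_port": "any"},
]
AUTHORIZED = ["10.20.30.0/24"]  # constructed engineering/integration subnet

if __name__ == "__main__":
    for name in audit_rules(SAMPLE_RULES, AUTHORIZED):
        print(f"review rule: {name} allows TCP/{OPCUA_DISCOVERY_PORT} from unauthorized sources")
```

Each allow rule is judged on its own; rule ordering and earlier deny rules are not modelled, so a flagged rule is a prompt for review, not proof of exposure.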
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SIMATIC IT Production Suite
HOTFIX: Update SIMATIC IT Production Suite to version 7.1 or later
SIMATIC WinCC Runtime Professional V14
HOTFIX: Update SIMATIC WinCC Runtime Professional V14 to version 14 SP1 or later
All products
HOTFIX: Update SIMATIC NET PC Software to version 14 SP1 Update 14 or later