OTPulse

Vulnerability in OPC Foundation Local Discovery Server Affecting Siemens Products

Plan Patch · 7.8 · SSA-691715 · Apr 11, 2023
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

A vulnerability in OPC Foundation Local Discovery Server affects multiple Siemens products, including SIMATIC NET PC Software, OpenPCS 7, SIMATIC WinCC, SIMATIC Process Historian, and TeleControl Server Basic. The flaw could allow local privilege escalation under certain conditions.

What this means
What could happen
An attacker with local access to an engineering workstation or server running affected Siemens software could escalate privileges, potentially gaining full control to modify automation programs, change process configurations, or shut down critical operations.
Who's at risk
Water utilities and municipal electric systems that use Siemens engineering workstations, SCADA servers (WinCC), process historians, or remote telemetry systems (TeleControl). Specifically affects operators and engineers who use SIMATIC NET PC Software, OpenPCS 7, WinCC, WinCC Runtime Professional, SIMATIC Process Historian, and TeleControl Server Basic for automation and data management.
How it could be exploited
The attacker must have local access to a system running OPC Foundation Local Discovery Server (embedded in affected Siemens products). With low-level user privileges, they exploit an input validation flaw to escalate to system or administrator level, then modify or deploy malicious control logic.
Prerequisites
  • Local access to the affected system (physical or via remote desktop/SSH)
  • User-level or higher privileges on the engineering workstation or server
  • privilege escalation to system/administrator level
  • affects engineering workstations and historian servers
  • low complexity exploitation
  • multiple products without patches available
  • impacts process control and data logging
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (12)
7 with fix · 5 EOL
Product | Affected Versions | Fix Status
SIMATIC NET PC Software V16 | All versions < V16 Update 8 | 16 Update 8
SIMATIC NET PC Software V17 | All versions < V17 SP1 Update 1 | 17 SP1 Update 1
SIMATIC NET PC Software V18 | All versions < V18 Update 1 | 18 Update 1
SIMATIC WinCC | < 8.0 | 8.0
SIMATIC WinCC Runtime Professional | All versions < V18 Update 2 | 18 Update 2
SIMATIC WinCC Unified PC Runtime V18 | All versions < V18.0 SP1 Update 1 | 18.0 SP1 Update 1
TeleControl Server Basic V3 | < 3.1.2 | 3.1.2
OpenPCS 7 V9.1 | All versions | No fix (EOL)
Remediation & Mitigation
Do now
HARDENING: Restrict local administrative access and user account permissions on engineering workstations and servers running OPC components; disable unnecessary local accounts and enforce strong access controls
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SIMATIC NET PC Software V16
HOTFIX: Update SIMATIC NET PC Software V16 to Update 8 or later
SIMATIC NET PC Software V17
HOTFIX: Update SIMATIC NET PC Software V17 to SP1 Update 1 or later
SIMATIC NET PC Software V18
HOTFIX: Update SIMATIC NET PC Software V18 to Update 1 or later
SIMATIC WinCC
HOTFIX: Update SIMATIC WinCC Runtime Professional to V18 Update 2 or later
HOTFIX: Update SIMATIC WinCC Unified PC Runtime V18 to V18.0 SP1 Update 1 or later
HOTFIX: Update SIMATIC WinCC to version 8.0 or later
All products
HOTFIX: Update TeleControl Server Basic to V3.1.2 or later
Mitigations - no patch available
The following products have reached End of Life with no planned fix: OpenPCS 7 V9.1, SIMATIC NET PC Software V14, SIMATIC NET PC Software V15, SIMATIC Process Historian 2020 OPC UA Server, SIMATIC Process Historian 2022 OPC UA Server. Apply the following compensating controls:
HARDENING: Isolate engineering workstations and historian servers on a segmented network; prevent non-engineering users from accessing these systems remotely