Information Disclosure Vulnerability in SIMATIC WinCC
Monitor | 5.9 | SSA-883918 | Jul 9, 2024
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary
Multiple versions of SIMATIC WinCC and SIMATIC PCS 7 do not properly validate requests to their web applications (WinCC WebNavigator, PCS 7 Web Server, and PCS 7 Web Diagnostics Server). An unauthenticated remote attacker can exploit improper request handling to leak privileged information including user credentials and passwords. Affected versions: SIMATIC PCS 7 V9.1 (before 9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (before 18 Update 5) and V19 (before 19 Update 2), SIMATIC WinCC V7.4 (before 7.4 SP1 Update 23), V7.5 (before 7.5 SP2 Update 17), and V8.0 (before 8.0 Update 5).
What this means
What could happen
An attacker can retrieve sensitive information such as usernames and passwords from the WinCC web interface without authentication, potentially gaining unauthorized access to control system configuration and operator accounts.
Who's at risk
Water utilities and electric utilities using SIMATIC WinCC or PCS 7 for real-time monitoring and control rely on these systems for SCADA dashboards, alarm management, and operator interfaces. WinCC web servers expose remote access to plant operations data. This affects any organization running WinCC V7.4, V7.5, V8.0, WinCC Runtime Professional V18/V19, or PCS 7 V9.1.
How it could be exploited
An attacker sends specially crafted requests to the WinCC WebNavigator, PCS 7 Web Server, or PCS 7 Web Diagnostics Server web application over the network. The web server fails to properly validate or restrict access to certain endpoints, allowing the attacker to extract credential information and other privileged data without providing valid authentication.
Prerequisites
- Network access to port 80/443 (HTTP/HTTPS) on the WinCC web server
- WinCC WebNavigator, PCS 7 Web Server, or PCS 7 Web Diagnostics Server enabled and accessible
remotely exploitable, no authentication required, information disclosure, credential exposure, medium complexity
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (6)
6 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| SIMATIC PCS 7 V9.1 | All versions < V9.1 SP2 UC05 | 9.1 SP2 UC05 |
| SIMATIC WinCC Runtime Professional V18 | All versions < V18 Update 5 | 18 Update 5 |
| SIMATIC WinCC Runtime Professional V19 | All versions < V19 Update 2 | 19 Update 2 |
| SIMATIC WinCC V7.4 | All versions < V7.4 SP1 Update 23 | 7.4 SP1 Update 23 |
| SIMATIC WinCC V7.5 | All versions < V7.5 SP2 Update 17 | 7.5 SP2 Update 17 |
| SIMATIC WinCC V8.0 | All versions < V8.0 Update 5 | 8.0 Update 5 |
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the WinCC web interface using firewall rules; limit access to trusted engineering workstations and control center networks only
HARDENING: Disable WinCC WebNavigator, PCS 7 Web Server, and PCS 7 Web Diagnostics Server if they are not actively used in your operations
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
SIMATIC PCS 7 V9.1
HOTFIX: Update SIMATIC PCS 7 V9.1 to version 9.1 SP2 UC05 or later
SIMATIC WinCC Runtime Professional V18
HOTFIX: Update SIMATIC WinCC Runtime Professional V18 to version 18 Update 5 or later
SIMATIC WinCC Runtime Professional V19
HOTFIX: Update SIMATIC WinCC Runtime Professional V19 to version 19 Update 2 or later
SIMATIC WinCC V7.4
HOTFIX: Update SIMATIC WinCC V7.4 to version 7.4 SP1 Update 23 or later
SIMATIC WinCC V7.5
HOTFIX: Update SIMATIC WinCC V7.5 to version 7.5 SP2 Update 17 or later
SIMATIC WinCC V8.0
HOTFIX: Update SIMATIC WinCC V8.0 to version 8.0 Update 5 or later
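To find which hosts still need the updates listed above, the following added example (not part of the advisory and not Siemens tooling) triages an asset inventory against the fixed releases in the affected-products table. The inventory entries, host names, and the assumption that installed versions are recorded as strings with `SP<n>`, `Update <n>` or `UC<nn>` parts are constructed for illustration.

```python
import re

# Fixed releases from the advisory table: product line -> (service pack, update).
FIXED = {
    "SIMATIC PCS 7 V9.1": (2, 5),                       # 9.1 SP2 UC05
    "SIMATIC WinCC Runtime Professional V18": (0, 5),   # 18 Update 5
    "SIMATIC WinCC Runtime Professional V19": (0, 2),   # 19 Update 2
    "SIMATIC WinCC V7.4": (1, 23),                      # 7.4 SP1 Update 23
    "SIMATIC WinCC V7.5": (2, 17),                      # 7.5 SP2 Update 17
    "SIMATIC WinCC V8.0": (0, 5),                       # 8.0 Update 5
}

_SP = re.compile(r"\bSP\s*(\d+)", re.IGNORECASE)
_UPDATE = re.compile(r"\b(?:Update|UC)\s*(\d+)", re.IGNORECASE)


def patch_level(version):
    """Parse '7.5 SP2 Update 16' into (2, 16); a missing part counts as 0."""
    sp = _SP.search(version)
    upd = _UPDATE.search(version)
    return (int(sp.group(1)) if sp else 0, int(upd.group(1)) if upd else 0)


def triage(product, version):
    """Return 'affected', 'fixed', or 'not listed' for one inventory entry."""
    fixed = FIXED.get(product)
    if fixed is None:
        return "not listed"
    return "affected" if patch_level(version) < fixed else "fixed"


# Constructed inventory (hypothetical hosts): (host, product line, installed version).
INVENTORY = [
    ("hmi-01", "SIMATIC WinCC V7.5", "7.5 SP2 Update 16"),
    ("hmi-02", "SIMATIC WinCC V7.5", "7.5 SP2 Update 17"),
    ("hmi-03", "SIMATIC WinCC V7.4", "7.4 SP1"),
    ("os-01", "SIMATIC PCS 7 V9.1", "9.1 SP1 UC10"),
    ("os-02", "SIMATIC PCS 7 V9.1", "9.1 SP2 UC05"),
    ("rt-01", "SIMATIC WinCC Runtime Professional V19", "19 Update 2"),
    ("misc-01", "Other product (not in advisory)", "1.0"),
]


def affected_hosts(inventory):
    """Hosts that still run a release older than the fixed one."""
    return [h for h, p, v in inventory if triage(p, v) == "affected"]


if __name__ == "__main__":
    for host, product, version in INVENTORY:
        print(f"{host:8} {product:40} {version:20} {triage(product, version)}")
```

Hosts reported as affected that cannot be patched before the next maintenance window are the ones to cover first with the firewall restriction and service-disable steps under "Do now".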
CVEs (1)