Local Code Execution Vulnerability in SIMATIC WinCC V7
Plan Patch · 7.8 · SSA-914026 · Jun 13, 2023
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
SIMATIC WinCC V7 versions prior to 7.5.2.13 contain a local code execution vulnerability that could allow a local attacker to inject arbitrary code and escalate privileges if a non-default installation path was chosen during installation.
What this means
What could happen
An attacker with local access to a WinCC engineering workstation could run arbitrary commands with elevated privileges, potentially allowing them to modify process logic, alarm settings, or historian data that supervisory operators rely on.
Who's at risk
Water and electric utilities operating SIMATIC WinCC V7 engineering workstations as SCADA HMI (human-machine interface) systems. Affects facilities using WinCC for process monitoring, alarm management, and operator control panels if installed with non-default paths.
How it could be exploited
An attacker with local shell access to a WinCC V7 system that was installed with a non-default path could inject malicious code through the non-standard installation directory and escalate privileges to execute commands in the WinCC context.
Prerequisites
- Local shell access or ability to execute code on the WinCC workstation
- Non-default installation path chosen during WinCC setup (default installation path is not vulnerable)
Requires local access only · Low complexity exploitation · Affects HMI/SCADA engineering systems · Privilege escalation capability
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
SIMATIC WinCC | < V7.5.2.13 | 7.5.2.13
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update SIMATIC WinCC V7 to version 7.5.2.13 or later
CVEs (1)
API:
/api/v1/advisories/eccf8ee8-0137-4ea5-b5bf-b03a3c1f38d3