ICSA-12-158-01 · Published 2025-06-05 · View on CISA ICS-CERT ↗
Siemens WinCC Multiple Vulnerabilities
CVSS 5.8 (MEDIUM)
Remediations
- Siemens has released security advisory SSA-223158 (http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf).
- Siemens has produced an update that resolves all vulnerabilities except the buffer overflow in DiagAgent. The buffer overflow was not fixed, because the vulnerable DiagAgent is turned off by default and is no longer distributed or supported. The update is available in Update 2 for WinCC V7.0 SP3 (http://support.automation.siemens.com/WW/view/en/60984587). Siemens recommends applying this patch as soon as possible.
- Siemens recommends not using DiagAgent, because it is no longer supported. Users can migrate to the SIMATIC Diagnostics Tool (http://support.automation.siemens.com/WW/view/en/44029135) or the SIMATIC Analyser (http://support.automation.siemens.com/WW/view/en/38645769).
- The buffer overflow vulnerability can only be exploited if the user starts the DiagAgent Web server manually. Siemens recommends that users check to ensure that the DiagAgent Web server is disabled and cautions users to only enable this option if and when it is needed. Because no fix for DiagAgent will be released, confirming that its web server is not running, and is not reachable from the network, is the only remediation for that vulnerability.
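The following PowerShell snippet is an added example for checking a WinCC host against the remediations above; it is not part of the Siemens or CISA advisory. It reports whether anything named like DiagAgent is running or installed as a service, which listening TCP ports such a process owns, and which WinCC version the Windows Uninstall registry keys record. The advisory gives neither the DiagAgent executable or service name nor its port, so the name fragment `DiagAgent` and the assumption that WinCC registers an Uninstall entry whose DisplayName contains `WinCC` are both assumptions; adjust them to what the actual installation shows.

```powershell
# Added example: check a WinCC host against the ICSA-12-158-01 / SSA-223158 remediations.
# Assumptions (not stated in the advisory): the DiagAgent process/service names contain
# "DiagAgent", and WinCC registers an Uninstall entry whose DisplayName contains "WinCC".
# Run in an elevated PowerShell session on the WinCC server.

$pattern = 'DiagAgent'   # assumed name fragment; change if the installation differs

# 1. Is a DiagAgent process running right now?
$procs = Get-Process | Where-Object { $_.ProcessName -match $pattern }
if ($procs) {
    Write-Warning "DiagAgent process running: $($procs.ProcessName -join ', ') (PID $($procs.Id -join ', '))"
} else {
    Write-Output "No running process matching '$pattern'."
}

# 2. Is a DiagAgent service installed, and is it running or set to start automatically?
$svcs = Get-CimInstance Win32_Service |
    Where-Object { $_.Name -match $pattern -or $_.DisplayName -match $pattern }
foreach ($s in $svcs) {
    $line = "$($s.Name): State=$($s.State) StartMode=$($s.StartMode)"
    if ($s.State -eq 'Running' -or $s.StartMode -eq 'Auto') { Write-Warning $line } else { Write-Output $line }
}
if (-not $svcs) { Write-Output "No service matching '$pattern'." }

# 3. Which listening TCP ports belong to a DiagAgent process?
#    (Get-NetTCPConnection exists on Windows 8 / Server 2012 and later.)
if ($procs -and (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue)) {
    Get-NetTCPConnection -State Listen |
        Where-Object { $procs.Id -contains $_.OwningProcess } |
        ForEach-Object { Write-Warning "DiagAgent listening on $($_.LocalAddress):$($_.LocalPort)" }
}

# 4. Installed WinCC version as recorded in the Uninstall keys. Compare against
#    V7.0 SP3 Update 2 by hand: the advisory does not give the update's DisplayVersion string.
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match 'WinCC' } |
    Select-Object DisplayName, DisplayVersion, Publisher |
    Format-Table -AutoSize
```

A warning from steps 1 to 3 means the unsupported DiagAgent web server is active and should be stopped and disabled (or the host isolated) since no patch for it exists; step 4 only tells you what is installed, and whether Update 2 for V7.0 SP3 is present still has to be confirmed against the Siemens support entry linked above.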
Affected Vendors
Siemens
Affected Products (1)
- Siemens WinCC V7.0 SP3 (all vulnerabilities except the DiagAgent buffer overflow are fixed in Update 2 for V7.0 SP3; the DiagAgent overflow remains unfixed and is mitigated by keeping DiagAgent disabled)