ICSA-12-205-01 · Published 2025-06-05
Siemens WinCC Insecure SQL Server Authentication
CVSS 7.8 (HIGH)
CVEs (1)
Remediations
- Siemens has addressed this vulnerability in SIMATIC WinCC V7.0 SP2 Update 1 (V 7.0.2.1) and newer. The latest software update, V7.0 SP3 Update 2, is provided at the Siemens product update page. Siemens recommends that SIMATIC PCS 7 users apply this update. The updated version removes the default credentials and switches authentication mechanisms to Windows protocols. Siemens strongly encourages installing the software updates as soon as possible. For further information, please review Siemens Security Advisory SSA-027884 (https://cert-portal.siemens.com/productcert/pdf/ssa-027884.pdf), which can be found at the Siemens ProductCERT website.
Affected Vendors
Siemens
Affected Products (2)
- Siemens · SIMATIC WinCC: <V7.0_SP2_Update_1_V_7.0.2.1
- Siemens · SIMATIC PCS 7: <V7.1_SP2