ICSA-16-208-01C  ·  Published 2025-06-25

Siemens SIMATIC WinCC, PCS 7, and WinCC Runtime Professional Vulnerabilities (Update C)

CVSS 9.8 CRITICAL

Remediations

Siemens has produced updates for the following products and strongly encourages users to upgrade to the new versions as soon as possible:

  • SIMATIC WinCC V7.0 SP2: Update to V7.0 SP2 Update 12 (https://support.industry.siemens.com/cs/ww/en/view/109741519)
  • SIMATIC WinCC V7.0 SP3: Update to V7.0 SP3 Update 8 (https://support.industry.siemens.com/cs/ww/en/view/109741127)
  • SIMATIC WinCC V7.2: Update to WinCC V7.2 Update 13 (https://support.industry.siemens.com/cs/ww/en/view/109739416)
  • SIMATIC WinCC V7.3: Update to WinCC V7.3 Update 10 (https://support.industry.siemens.com/cs/ww/en/view/109738470)
  • SIMATIC WinCC V7.4: Update to WinCC V7.4 Update 1 (https://support.industry.siemens.com/cs/ww/de/view/109738653)
  • SIMATIC PCS 7 V7.1 SP4 and earlier versions:
      • WinCC: Update to WinCC V7.0 SP2 Update 12 (https://support.industry.siemens.com/cs/ww/en/view/109741519)
      • BATCH: Update to BATCH V7.1 SP1 Update 21 (https://support.industry.siemens.com/cs/ww/en/view/109738681)
      • BATCH: Update to BATCH V7.1 SP2 Update 11 (https://support.industry.siemens.com/cs/ww/en/view/109738681)
      • Route Control: Update to Route Control V7.1 SP2 Update 6 (https://support.industry.siemens.com/cs/ww/en/view/109738681)
      • OpenPCS 7: Update to OpenPCS 7 V7.1 SP4 Update 2 (https://support.industry.siemens.com/cs/ww/en/view/109738681)
  • SIMATIC PCS 7 V8.0 SP2:
      • WinCC: Update to WinCC V7.2 Update 13 (https://support.industry.siemens.com/cs/ww/en/view/109739416)
      • BATCH: Update to BATCH V8.0 SP1 Update 17 (https://support.industry.siemens.com/cs/ww/en/view/109738680)
      • Route Control: Update to Route Control V8.0 SP1 Update 6 (https://support.industry.siemens.com/cs/ww/en/view/109738680)
      • OpenPCS 7: Update to OpenPCS 7 V8.0 SP1 Update 8 (https://support.industry.siemens.com/cs/ww/en/view/109738680)
  • SIMATIC PCS 7 V8.1 SP1:
      • WinCC: Update to WinCC V7.3 Update 10 (https://support.industry.siemens.com/cs/ww/en/view/109738470)
      • BATCH: Update to BATCH V8.1 SP1 Update 11 (https://support.industry.siemens.com/cs/ww/en/view/109738678)
      • Route Control: Update to Route Control V8.1 Update 2 (https://support.industry.siemens.com/cs/ww/en/view/109738678)
      • OpenPCS 7: Update to OpenPCS 7 V8.1 Update 3 (https://support.industry.siemens.com/cs/ww/en/view/109738678)
  • SIMATIC PCS 7 V8.2:
      • WinCC: Update to WinCC V7.4 Update 1 (https://support.industry.siemens.com/cs/ww/de/view/109738653)
      • BATCH: Update to BATCH V8.2 Update 1 (https://support.industry.siemens.com/cs/ww/en/view/109738678)
      • Route Control: Update to Route Control V8.2 Update 1 (https://support.industry.siemens.com/cs/ww/en/view/109738678)
      • OpenPCS 7: Update to OpenPCS7 V8.2 Update 1
      • Contact Customer Support: (https://support.industry.siemens.com/cs/de/en/)
  • SIMATIC WinCC Runtime Professional V13: Update to WinCC Runtime Professional V13 SP1 Update 9 (https://support.industry.siemens.com/cs/ww/en/view/109311724)

Until updates can be applied, Siemens recommends the following steps to mitigate the risk:

  • Always run WinCC, WinCC Runtime Professional, and PCS 7 stations within a trusted network.
  • Ensure that WinCC, WinCC Runtime Professional, and PCS 7 stations communicate via encrypted channels only (e.g., activate feature “Encrypted Communications” in WinCC V7.3 and PCS 7 V8.1 SP1, or establish a VPN tunnel).
  • Restrict access to the WinCC, WinCC Runtime Professional and PCS 7 stations to trusted entities.
  • Apply up-to-date application whitelisting software and virus scanners.
  • For more information on these vulnerabilities and more detailed mitigation instructions, please see Siemens Security Advisory SSA-378531 at the following location: (http://www.siemens.com/cert/en/cert-security-advisories.htm)
  • As a general security measure, Siemens strongly recommends protecting network access to the WinCC and PCS 7 stations with appropriate mechanisms. Siemens advises configuring the environment according to Siemens operational guidelines in order to run the devices in a protected IT environment. (https://www.siemens.com/cert/operational-guidelines-industrial-security)

Affected Vendors

Siemens

Affected Products (10)

Siemens · SIMATIC WinCC 7.0 SP2 < Update 12
Siemens · SIMATIC WinCC 7.0 SP3 < Update 8
Siemens · SIMATIC WinCC 7.2 < Update 13
Siemens · SIMATIC WinCC 7.3 < Update 10
Siemens · SIMATIC WinCC 7.4 < Update 1
Siemens · SIMATIC PCS 7 (WinCC, Batch, Route Control, OPEN PCS 7) < V7.1 SP4 with WinCC V7.0 SP2 Update 12
Siemens · SIMATIC PCS 7 (WinCC, Batch, Route Control, OPEN PCS 7) < V8.0 SP2 with WinCC V7.2 Update 13
Siemens · SIMATIC PCS 7 (WinCC, Batch, Route Control, OPEN PCS 7) < 8.1 SP1 with WinCC V7.3 Update 10
Siemens · SIMATIC PCS 7 (WinCC, Batch, Route Control, OPEN PCS 7) < 8.2 with WinCC V7.4 Update 1
Siemens · SIMATIC WinCC Runtime Professional < V13 SP1 Update 9