ICSA-16-348-04  ·  Published 2025-06-05

Siemens SIMATIC WinCC and SIMATIC PCS 7 ActiveX Vulnerability

CVSS 4.2 MEDIUM

CVEs (1)

Remediations

  • Siemens provides SIMATIC WinCC Version 7.2 and newer, and PCS 7 Version 8.0 SP2 and newer, which fix the vulnerability. Users can obtain these newer versions by contacting the local Siemens representative or customer support at https://w3.siemens.com/aspa_app/
  • Until users can upgrade to the new versions, Siemens recommends the following mitigations to reduce the risk: allow execution of ActiveX components only on trusted sites, and apply defense-in-depth concepts.
  • For more information on this vulnerability and more detailed mitigation instructions, see Siemens Security Advisory SSA-693129 at http://www.siemens.com/cert/en/cert-security-advisories.htm
  • Siemens advises configuring the environment according to Siemens operational guidelines in order to run the devices in a protected IT environment: https://www.siemens.com/cert/operational-guidelines-industrial-security

Affected Vendors

Siemens

Affected Products (2)

Siemens · SIMATIC WinCC <7.2
Siemens · SIMATIC PCS 7 <8.0_SP1
