ICSA-17-129-03 · Published 2017-05-09
Siemens SIMATIC WinCC and SIMATIC WinCC Runtime Professional
CVSS 4.9 (MEDIUM)
Risk Summary
ATTENTION: Remotely exploitable/low skill level to exploit.
CVEs (1)
Remediations
- Siemens has released updates for the following products and strongly encourages users to upgrade to the new versions as soon as possible:
  - https://support.industry.siemens.com/cs/ww/en/view/109746452
  - https://support.industry.siemens.com/cs/ww/en/view/109746038
  - https://support.industry.siemens.com/cs/ww/en/view/109746268
  - https://support.industry.siemens.com/cs/ww/en/view/109746276
  - https://support.industry.siemens.com/cs/ww/en/view/109746075
  - https://support.industry.siemens.com/cs/ww/en/view/109746074
- For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-156872 at the following location:
  - http://www.siemens.com/cert/en/cert-security-advisories.htm
- As a general security measure Siemens strongly recommends protecting network access to SIMATIC WinCC, SIMATIC WinCC Runtime, and SIMATIC WinCC (TIA Portal) Professional stations with appropriate mechanisms. Siemens advises configuring the environment according to Siemens operational guidelines in order to run the devices in a protected IT environment.
  - https://www.siemens.com/cert/operational-guidelines-industrial-security
Affected Vendors
Siemens
Affected Products (4)
- Siemens · SIMATIC WinCC Runtime Professional / SIMATIC WinCC (TIA Portal) Professional: < 14 SP1
- Siemens · SIMATIC WinCC Runtime Professional / SIMATIC WinCC (TIA Portal) Professional: < 13 SP2
- Siemens · SIMATIC WinCC: < 7.4 SP1
- Siemens · SIMATIC WinCC: < 7.3 Update 11
Affected Sectors
Food and Agriculture, Chemical, Energy, Water and Wastewater Systems