← Back to home
SIEMENS-SSA-705517  ·  Published 2019-05-14  ·  View on Siemens ProductCERT ↗

SSA-705517 (Last Update: 2019-05-14): Remote Code Execution Vulnerability in SIMATIC WinCC and SIMATIC PCS 7

CVSS N/A MEDIUM

Risk Summary

<p>A vulnerability was identified in SIMATIC WinCC and SIMATIC PCS 7, which could allow an unauthenticated attacker with access to the affected devices to execute arbitrary code. The vulnerability can be exploited if the affected systems do not have &quot;Encrypted Communication&quot; enabled.</p> <p>Siemens provides versions of SIMATIC WinCC and SIMATIC PCS 7, that allow to enable a mode called &quot;Encrypted Communication&quot;, which mitigates the vulnerability.</p> <p>&quot;Encrypted communication&quot; is enabled by default starting with SIMATIC WinCC V7.5.</p>

Remediations

  • Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-705517 (Last Update: 2019-05-14): Remote Code Execution Vulnerability in SIMATIC WinCC and SIMATIC PCS 7 See advisory

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more