Multiple Security Vulnerabilities Reported in Siemens SIMATIC WinCC

ITS Advisory Number: 2014-103
Date(s) Issued: Monday, December 1, 2014
Subject: Multiple Security Vulnerabilities Reported in Siemens SIMATIC WinCC
Overview: 

Multiple vulnerabilities have been discovered in SIMATIC WinCC, Siemens' Supervisory Control and Data Acquisition (SCADA) system. SCADA is a system that provides control of remote equipment and is used to monitor and control physical processes involved in industry and infrastructure. These industries include, but are not limited to, food and beverage, water and wastewater, oil and gas, and chemical. These vulnerabilities could allow unauthenticated remote code execution. Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information or gain the privileges of the logged-in user, or allow an unauthenticated user to access and extract arbitrary files on the WinCC server. Depending on the privileges associated with the logged-on user, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights.

Systems Affected: 

All versions of SIMATIC WinCC prior to version 7.3 Update 2
All versions of SIMATIC PCS7 (as WinCC is incorporated) prior to version 8.1 Update 2
All versions of TIA Portal (including WinCC Professional Runtime) prior to V13 Update 6

RISK
GOVERNMENT
Large and medium government entities: High
Small government entities: High
BUSINESS
Large and medium business entities: High
Small business entities: High
Home Users: High

Description: 

Multiple vulnerabilities have been discovered in SIMATIC WinCC. Details of these vulnerabilities are as follows:

A component within WinCC could allow remote code execution for unauthenticated users if specially crafted packets are sent to the WinCC server. [CVE-2014-8551]
A component within WinCC could allow unauthenticated users to extract arbitrary files from the WinCC server if specially crafted packets are sent to the server. [CVE-2014-8552]

Actions: 

We recommend the following actions be taken:

Upgrade to SIMATIC WinCC v7.3 Update 2, as these vulnerabilities have been mitigated in this version.
Whitelist trusted networks and clients.
Only allow trusted traffic over TCP port 1433.
Deactivate all unnecessary users on the WinCC server.
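
To find hosts that still need the upgrade, the fixed releases listed under Systems Affected can be compared against an asset inventory. The Python script below is an added example, not part of the original advisory or any Siemens tooling; the inventory entries, host names, product-name spelling and version-string format are constructed assumptions, and strings it cannot parse are returned for manual review rather than treated as fixed.

```python
import re

# Fixed releases from the advisory's "Systems Affected" list, as (major, minor, update).
# Any installed version that sorts below the tuple is affected.
FIXED = {
    "SIMATIC WinCC": (7, 3, 2),
    "SIMATIC PCS7": (8, 1, 2),
    "TIA Portal": (13, 0, 6),  # "V13" is treated as 13.0 (assumption)
}

# Assumed inventory format: optional "V", major[.minor], optional "Update N".
VERSION_RE = re.compile(r"^v?(\d+)(?:\.(\d+))?(?:\s+update\s+(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, update), or None if the string has another shape."""
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())


def triage(product, version):
    """Classify one installation as affected, fixed, review or not-listed."""
    fixed = FIXED.get(product)
    if fixed is None:
        return "not-listed"          # product is not named in the advisory
    parsed = parse_version(version)
    if parsed is None:
        return "review"              # e.g. service-pack strings: check by hand
    return "affected" if parsed < fixed else "fixed"


# Constructed sample inventory: (host, product, installed version).
INVENTORY = [
    ("hmi-01", "SIMATIC WinCC", "7.3 Update 1"),
    ("hmi-02", "SIMATIC WinCC", "v7.3 Update 2"),
    ("es-01", "TIA Portal", "V13 SP1"),
    ("os-01", "SIMATIC PCS7", "8.0 Update 5"),
]


def report(inventory):
    """Return (host, status) pairs for every inventory entry."""
    return [(host, triage(product, version)) for host, product, version in inventory]


if __name__ == "__main__":
    for host, status in report(INVENTORY):
        print(f"{host}: {status}")
```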