Siemens has a new version available to mitigate multiple vulnerabilities in its SIMATIC PCS 7, WinCC Runtime Professional, and WinCC (TIA Portal), according to a report with NCCIC.
The remotely exploitable vulnerabilities include SQL injection, uncaught exception, and exposed dangerous method.
Successful exploitation of these vulnerabilities, discovered by Vladimir Dashchenko and Sergey Temnikov from Kaspersky Lab, CNCERT/CC, and ChengBin Wang from Guoli Security Technology, could allow an attacker to execute arbitrary commands on the affected system.
The following SIMATIC products suffer from the issues:
• SIMATIC PCS 7 v8.0 and earlier
• SIMATIC PCS 7 v8.1
• SIMATIC PCS 7 v8.2
• SIMATIC PCS 7 v9.0
• SIMATIC WinCC (TIA Portal) v13
• SIMATIC WinCC (TIA Portal) v14
• SIMATIC WinCC (TIA Portal) v15
• SIMATIC WinCC Runtime Professional, all versions
• SIMATIC WinCC v7.2 and earlier
• SIMATIC WinCC v7.3
• SIMATIC WinCC v7.4
• SIMATIC WinCC v7.5, all versions prior to v7.5, Update 3
In one vulnerability, an attacker with network access to the project file could run arbitrary system commands with the privileges of the local database server. This may impact the confidentiality, integrity, and availability of the affected system.
CVE-2019-10916 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.1.
In addition, an attacker with local access to the project file could cause a denial-of-service condition on the affected product as the project file is loaded. Successful exploitation could compromise availability of the affected system.
CVE-2019-10917 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 3.3.
Also, an authenticated attacker with network access to the DCOM interface could execute arbitrary commands with SYSTEM privileges. Successful exploitation could compromise confidentiality, integrity, and availability of the affected system.
CVE-2019-10918 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 8.8.
The product sees use in the chemical, critical manufacturing, energy, food and agriculture, and water and wastewater systems sectors. It also sees action on a global basis.
No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level could leverage the vulnerabilities.
Siemens has an update available for this product: SIMATIC WinCC v7.5: Updated to v7.5 Update 3
Siemens recommends users apply the following specific workarounds and mitigations to reduce risk until updates or patches are available:
• Apply defense-in-depth strategies
• Enable “Encrypted communication” in SIMATIC WinCC and SIMATIC PCS 7
• Only open project files from trusted locations
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends users configure their environment according to Siemens’ operational guidelines for industrial security and follow the recommendations in the product manuals.
Click here for additional information on industrial security by Siemens.
For more information on these vulnerabilities and more detailed mitigation instructions, see Siemens security advisory SSA-697412.