Siemens has an upgrade that addresses a missing authentication for critical function vulnerability in its SIMATIC WinCC and SIMATIC PCS 7 products, according to a report with NCCIC.
Successful exploitation of this remotely exploitable vulnerability could allow an unauthenticated attacker with access to the affected devices to execute arbitrary code. Vladimir Dashchenko and Sergey Temnikov from Kaspersky Lab discovered the vulnerability.
Siemens said the vulnerability affects the following SIMATIC products:
• SIMATIC PCS 7 v8.0 and earlier
• SIMATIC PCS 7 v8.1 and newer (if “Encrypted Communication” is disabled)
• SIMATIC WinCC v7.2 and earlier
• SIMATIC WinCC v7.3 and newer (if “Encrypted Communication” is disabled)
If affected installations do not have “Encrypted Communication” configured, an unauthenticated attacker with network access may be able to execute arbitrary code.
CVE-2019-10922 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.
The products see use in the chemical, energy, food and agriculture, and water and wastewater systems sectors. They are also deployed on a global basis.
No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.
Siemens recommends the following mitigations:
• Upgrade SIMATIC WinCC to v7.3 or newer
• Upgrade SIMATIC PCS 7 to v8.1 or newer
• Enable “Encrypted Communication” (some newer versions have this enabled by default)
• Apply defense-in-depth concepts
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends users configure their environment according to Siemens’ operational guidelines for industrial security and follow the recommendations in the product manuals.
For more information on the vulnerability and more detailed mitigation instructions, see Siemens security advisory SSA-705517.
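To apply the affected-version list and mitigations above across a plant, the following added example (not from Siemens or the advisory) triages an asset inventory into the action each host needs. The CSV column names, host names and version strings are constructed for illustration, and the inventory is assumed to record whether “Encrypted Communication” is enabled.

```python
import csv
import io
import re

# Thresholds from the affected-products list: releases at or above these
# versions are only affected when "Encrypted Communication" is disabled;
# older releases are affected outright and must be upgraded.
FIXED_FROM = {"SIMATIC WinCC": (7, 3), "SIMATIC PCS 7": (8, 1)}

def parse_version(text):
    """Return (major, minor) from strings like 'v7.4 SP1' or '8.0'; None if unparseable."""
    m = re.search(r"(\d+)\.(\d+)", text)
    return (int(m.group(1)), int(m.group(2))) if m else None

def triage(product, version, encrypted):
    """Classify one asset. `encrypted` is 'yes', 'no' or '' (not recorded)."""
    threshold = FIXED_FROM.get(product.strip())
    if threshold is None:
        return "out of scope"
    parsed = parse_version(version)
    if parsed is None:
        return "verify version"
    if parsed < threshold:
        return "upgrade"
    state = encrypted.strip().lower()
    if state == "yes":
        return "not affected"
    if state == "no":
        return "enable encrypted communication"
    return "verify setting"  # default differs between versions, so do not assume

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE = """host,product,version,encrypted_communication
os-srv-01,SIMATIC WinCC,v7.2 Upd 9,no
os-srv-02,SIMATIC WinCC,V7.4 SP1,yes
es-01,SIMATIC PCS 7,v8.0 SP2,yes
es-02,SIMATIC PCS 7,V9.0,no
hmi-07,SIMATIC WinCC,v7.5,
"""

def triage_inventory(csv_text):
    """Map each host in the CSV text to the action the advisory implies."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: triage(r["product"], r["version"], r["encrypted_communication"])
            for r in rows}

if __name__ == "__main__":
    for host, action in triage_inventory(SAMPLE).items():
        print(f"{host:10} {action}")
```

Hosts whose setting is not recorded are flagged for manual verification rather than assumed safe, since only some newer versions enable the option by default.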