Multiple Vulnerabilities in Siemens Products Could Allow For Remote Code Execution
MS-ISAC ADVISORY NUMBER: 2016-111
Multiple vulnerabilities have been discovered in the Siemens SIMATIC WinCC and PCS software, which could allow for remote code execution. PCS is a distributed control system (DCS) integrating SIMATIC WinCC. SIMATIC WinCC is a SCADA system that is used to monitor and control physical processes involved in industry and infrastructure. This software is used in many industries, including food and beverage, water and wastewater, oil and gas, and chemical. Successful exploitation of these vulnerabilities could allow a remote attacker to execute code to take control of the system.
There are currently no reports of these vulnerabilities being exploited in the wild.
- Large and medium government entities: HIGH
- Small government entities: HIGH
- Large and medium business entities: HIGH
- Small business entities: HIGH
Multiple vulnerabilities have been discovered in SIMATIC WinCC and PCS software. Details of these vulnerabilities are as follows:
- A vulnerability in SIMATIC WinCC and WinCC Runtime Professional could allow unauthenticated users to remotely execute code by sending specially crafted packets. (CVE-2016-5743)
- An arbitrary file read vulnerability in SIMATIC WinCC could allow unauthenticated users to extract arbitrary files from a WinCC station by sending specially crafted packets. (CVE-2016-5744)
Successful exploitation of these vulnerabilities could allow a remote attacker to execute code to take control of the system.
We recommend the following actions be taken:
- Apply the patches provided by Siemens to vulnerable systems, as they become available, immediately after appropriate testing.
- Always run WinCC, WinCC Runtime Professional and PCS 7 stations within a trusted network and ensure they communicate only via trusted channels.
- Whitelist trusted networks and clients.
- Only allow trusted traffic over TCP port 1433.
- Deactivate all unnecessary users on the WinCC server.
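The following script is an added example of how the last three recommendations can be applied on a Windows-based WinCC station; it is not part of the advisory and is not Siemens-provided code. It assumes Windows Server 2012 R2 or later with the NetSecurity module (and Windows Server 2016 or later for Get-LocalUser), an elevated session, and a maintenance window after testing. The subnet 10.10.20.0/24, the host 10.10.21.5 and the account names are constructed placeholders standing in for the site's trusted network and approved operators; TCP 1433 is the port named in the advisory.

```powershell
# Added example (not from the MS-ISAC advisory or Siemens): restrict inbound TCP 1433
# on a WinCC/PCS 7 station to allow-listed clients and report stray local accounts.
# Assumes Windows Server 2012 R2 or later with the NetSecurity module; run elevated.
$TrustedClients = @('10.10.20.0/24', '10.10.21.5')   # constructed: operator subnet, engineering station
$WinCCPort      = 1433                                # TCP port named in the advisory

# 1. Make "deny by default" explicit on every profile. Windows Firewall evaluates explicit
#    Block rules before Allow rules, so an allow-list must rely on the default inbound
#    action rather than on a catch-all Block rule for the same port.
Set-NetFirewallProfile -All -Enabled True -DefaultInboundAction Block

# 2. Find and disable any existing inbound rule that opens 1433 to every remote address,
#    which would otherwise silently widen the allow-list.
$BroadRules = Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -eq "$WinCCPort" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' } |
    Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -eq 'Any' }
foreach ($Rule in $BroadRules) {
    Write-Warning "Disabling overly broad rule '$($Rule.DisplayName)' on TCP $WinCCPort"
    $Rule | Disable-NetFirewallRule
}

# 3. Allow 1433 only from the allow-listed clients.
New-NetFirewallRule -DisplayName "WinCC TCP $WinCCPort - trusted clients only" `
    -Direction Inbound -Protocol TCP -LocalPort $WinCCPort `
    -RemoteAddress $TrustedClients -Action Allow -Profile Any | Out-Null

# 4. Report enabled local accounts outside the approved set so unnecessary users can be
#    deactivated after review (Disable-LocalUser -Name <account>); no account is changed here.
$ApprovedAccounts = @('Administrator', 'WinCCOperator')   # constructed placeholders
Get-LocalUser |
    Where-Object { $_.Enabled -and $_.Name -notin $ApprovedAccounts } |
    Select-Object Name, LastLogon |
    Format-Table -AutoSize
```

Step 2 matters because Windows Firewall gives an explicit Block rule priority over any Allow rule, so the common reflex of adding "block 1433 from everyone" alongside the allow-list would also cut off the trusted clients; the allow-list therefore works by keeping the profile default at Block and removing broad Allow rules. Step 4 only reports, so the operator decides which accounts to deactivate after confirming none is used by a WinCC service.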