Multiple Vulnerabilities in Siemens Products Could Allow For Remote Code Execution

MS-ISAC ADVISORY NUMBER:

2016-111

DATE(S) ISSUED:

07/25/2016

OVERVIEW:

Multiple vulnerabilities have been discovered in Siemens SIMATIC WinCC and PCS software, which could allow for remote code execution. PCS is a distributed control system (DCS) integrating SIMATIC WinCC. SIMATIC WinCC is a SCADA system that is used to monitor and control physical processes involved in industry and infrastructure. This software is used in many industries, including food and beverage, water and wastewater, oil and gas, and chemical. Successful exploitation of these vulnerabilities could allow a remote attacker to execute code to take control of the system.

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: HIGH
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: HIGH
Home Users:
N/A

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in SIMATIC WinCC and PCS software. Details of these vulnerabilities are as follows:

  • A vulnerability in SIMATIC WinCC or WinCC Runtime Professional could allow unauthenticated users to remotely execute code by sending specially crafted packets. (CVE-2016-5743)
  • An arbitrary file read vulnerability in SIMATIC WinCC could allow unauthenticated users to extract arbitrary files from a WinCC station by sending specially crafted packets. (CVE-2016-5744)

Successful exploitation of these vulnerabilities could allow a remote attacker to execute code to take control of the system.

RECOMMENDATIONS:

We recommend the following actions be taken:
  • Apply appropriate patches provided by Siemens to vulnerable systems, as available, immediately after appropriate testing.
  • Always run WinCC, WinCC Runtime Professional and PCS 7 stations within a trusted network and ensure they communicate only via trusted channels.
  • Whitelist trusted networks and clients.
  • Only allow trusted traffic over TCP port 1433.
  • Deactivate all unnecessary users on the WinCC server.
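
One way to check that the whitelist and TCP port 1433 recommendations are actually being enforced is to audit firewall flow records for allowed connections from sources outside the trusted list. The script below is an added example, not part of the CIS advisory or any Siemens tooling; the CSV log layout, the trusted subnets (documentation address ranges) and the function names are assumptions made for illustration.

```python
import csv
import io
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumption: trusted operator/engineering sources (documentation ranges used here).
TRUSTED_NETWORKS = [ip_network("192.0.2.0/28"), ip_network("198.51.100.10/32")]
WINCC_SQL_PORT = 1433  # TCP port named in the advisory's recommendations

# Constructed sample of firewall flow records: time,src,dst,dst_port,proto,action
SAMPLE_LOG = """\
2016-07-25T08:00:01Z,192.0.2.5,192.0.2.100,1433,tcp,allow
2016-07-25T08:00:07Z,203.0.113.44,192.0.2.100,1433,tcp,allow
2016-07-25T08:01:12Z,203.0.113.44,192.0.2.100,1433,tcp,allow
2016-07-25T08:02:30Z,198.51.100.10,192.0.2.100,1433,tcp,allow
2016-07-25T08:03:02Z,198.51.100.77,192.0.2.100,1433,tcp,deny
2016-07-25T08:03:40Z,203.0.113.9,192.0.2.100,443,tcp,allow
2016-07-25T08:04:00Z,not-an-ip,192.0.2.100,1433,tcp,allow
"""

def is_trusted(addr):
    """True if the source address falls inside any whitelisted network."""
    return any(addr in net for net in TRUSTED_NETWORKS)

def audit_1433(log_text):
    """Return (violations, malformed): allowed TCP/1433 flows from untrusted
    sources counted per source IP, and the number of unparseable records."""
    violations, malformed = Counter(), 0
    fields = ["time", "src", "dst", "dst_port", "proto", "action"]
    for row in csv.DictReader(io.StringIO(log_text), fieldnames=fields):
        try:
            src = ip_address(row["src"].strip())
            port = int(row["dst_port"])
            proto, action = row["proto"].lower(), row["action"].lower()
        except (ValueError, AttributeError, TypeError):
            malformed += 1  # count instead of silently skipping: gaps hide traffic
            continue
        if port != WINCC_SQL_PORT or proto != "tcp":
            continue  # only the port covered by the recommendation is audited
        if action == "allow" and not is_trusted(src):
            violations[str(src)] += 1
    return dict(violations), malformed

if __name__ == "__main__":
    bad, skipped = audit_1433(SAMPLE_LOG)
    for src, count in sorted(bad.items()):
        print(f"untrusted source {src}: {count} allowed flow(s) to TCP/{WINCC_SQL_PORT}")
    print(f"malformed records: {skipped}")
```

Any source reported here reached the port despite not being whitelisted, which points to a firewall rule that is broader than intended; a non-zero malformed count means the audit has blind spots that should be resolved before the result is trusted.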

CIS Controls That Help Avoid This Issue:
  • CIS Control 1: Inventory of Authorized and Unauthorized Devices
  • CIS Control 4: Continuous Vulnerability Assessment and Remediation