The industrial supplier Siemens has patched two critical vulnerabilities in the Siemens application that bad actors are exploiting in the wild.
Siemens has also informed its customers that its researchers are already working on updates for other products affected by the same flaw. Every company that is using Siemens WinCC application is invited to apply the patches as soon as possible.
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued a security advisory (ICSA-14-329-02) that includes the list of affected systems:
The SIMATIC WinCC is a SCADA application widely used in the industrial environments as visualization tool for the control systems. WinCC is part of the Simantic product family and is integrated into the HMI, or Human Machine Interface, component. TIA Portal is an engineering software used in the Simantic product line.
“The affected product, SIMANTIC WinCC, is a supervisory control and data acquisition (SCADA) system. PCS7 is a distributed control system (DCS) integrating SIMANTIC WinCC. TIA Portal is engineering software for SIMATIC products. This software is deployed across several sectors including Chemical, Energy, Food and Agriculture, and Water and Wastewater Systems. Siemens estimates that these products are used primarily in the United States and Europe with a small percentage in Asia.” states the advisory of the ICS-CERT.
The Siemens systems affected by the vulnerabilities are vital components for the control of processes in several industries, including energy, chemical, food and agriculture and wastewater systems in the United States and Europe. Unfortunately the number of cyber attacks against these system is in constant increase, both cyber criminals and state-sponsored hackers have recently hit the SCADA systems for different purposes causing great concerns to the authorities.
One of the vulnerabilities is a remote code execution flaw coded as CVE-2014-8551 that is ranked by the ICS-CERT as very critical, its rating is 10 of 10.
“A component within WinCC could allow remote code execution for unauthenticated users if specially crafted packets are sent to the WinCC server,” ICS-CERT reports.
The vulnerabilities allow remote code execution without any authentication, and as explained by the experts their impact depends on many factors specific to each organization.
The exploitation of the first flaw allows a remote code execution while the second allows an attacker to steal files from a targeted server running the WinCC application.
“An attacker with a low skill would be able to exploit these vulnerabilities,” states the advisory.
(Security Affairs – Siemens WinCC, SCADA)