Exploits for the vulnerabilities may already exist

Nov 27, 2014 12:38 GMT

Siemens has released an out-of-band update for the WinCC SCADA application integrated in a number of its Industrial Control Systems (ICS) products, following fears that two vulnerabilities may already be under active exploitation.

The products affected by the two security flaws include all versions prior to the current updates of SIMATIC WinCC, SIMATIC PCS 7, and TIA Portal V13 (including WinCC Professional Runtime).

According to an advisory from ICS-CERT (Industrial Control Systems Cyber Emergency Response Team), the weaknesses allow an attacker to execute code remotely without authentication.

Specially crafted packets sent to the server can open the door to an attacker

One of the flaws, identified as CVE-2014-8551, can be exploited by sending specially crafted packets to the vulnerable WinCC server. It has been assigned the maximum score of 10 under the CVSS (Common Vulnerability Scoring System) standard.

The second flaw (CVE-2014-8552) is less severe and has been assigned a score of 7.8. By sending particular packets to the WinCC server, an unauthenticated attacker could extract arbitrary files.

ICS-CERT believes that exploits may already be available, based on information that at least one of the flaws has been leveraged in a recent campaign.

As for the difficulty of exploitation, ICS-CERT warns that an attacker with a low skill level would be able to exploit these vulnerabilities.

The impact on an organization depends on its operational environment, architecture, and product implementation.

To mitigate the risk, Siemens has released patches for WinCC, available in TIA Portal V13 (WinCC V13 Update 6), PCS 7 version 8.0 (WinCC 7.2 Update 9), and PCS 7 version 8.1 (WinCC 7.3 Update 2).

Company offers a set of mitigation measures

Other products are also affected, and the company is currently working on fixes for them as well.

Until those fixes become available, Siemens recommends running the WinCC server only within a trusted network, ensuring that communication with the application is encrypted, and limiting access to the server to trusted individuals.

Keeping an application whitelisting solution up to date, alongside antivirus scanners, is also among the recommendations.

Given the sensitive nature of SCADA (supervisory control and data acquisition) systems, restricting Internet access and isolating control system networks from the business network are also part of the best practices for avoiding compromise.

WinCC is a SCADA application for visualizing processes in a range of industries (for example, pharmaceutical and water treatment) at large scale and across long distances, and it can also be used to automate them.
