Industry News

Five Severe Vulnerabilities Fixed in Siemens’ SIMATIC WinCC SCADA System

Siemens has issued an update to its SIMATIC WinCC SCADA system due to five severe vulnerabilities, the company said in an advisory. Impacted products include SIMATIC WinCC before version 7.3, and SIMATIC PCS7 before version 8.1.

“The most severe of these vulnerabilities could allow privilege escalation in the WinCC Project administration application under certain conditions,” the advisory said.

Five Severe Vulnerabilities Fixed in Siemens' SIMATIC WinCC SCADA System

The SIMATIC WinCC is a SCADA system mostly used on a large scale in infrastructure and industry for controlling and monitoring physical processes. The five vulnerabilities are listed from CVE-2014-4682 to CVE-2014-4686 and were fixed in SIMATIC WinCC v7.3.

Details on the five vulnerabilities are as follows:

1. CVE-2014-4682 – An attacker could gain unauthenticated access to sensitive information by sending crafted HTTP requests to ports 80/tpc and 443/tcp from the WinCC WebNavigator server.

2. CVE-2014-4683 – The attacker can escalate privileges in the WinCC by exploiting the first vulnerability.

3. CVE-2014-4684 – An authenticated attacker could escalate privileges in the SIMATIC WinCC database server by sending a crafted command to port 1433/tcp to the server database.

4. CVE-2014-4685 – Limited privilege escalation can be performed by a local user by exploiting the access permissions on system objects.

5. CVE-2014-4686 – An attacker could gain a hardcoded encryption key and perform privilege escalation within the WinCC Project admin application if the network communication of a legitimate user on port 1030/tcp is captured.

To exploit vulnerabilities 2 and 3, an attacker must be authenticated. Also local system access is required to exploit vulnerability 4.

The prime condition for an attacker to exploit the other vulnerabilities is to possess network access to the WinCC server.

About the author

Lucian Ciolacu

Still the youngest Bitdefender News writer, Lucian is constantly after flash news in the security industry, especially when something is vulnerable or exploited. Besides digging for 'hacker' scoops and data leaks, he enjoys sports, such as football and tennis.
He has also combined an interest for social and political sciences, as a graduate of the Political Science Faculty, with a passion for guitar and computer games.