SSA-705517 (Last Update: 2019-05-14): Remote Code Execution Vulnerability in SIMATIC WinCC and SIMATIC PCS 7

Published

2019-05-14 00:00:00 UTC

Summary

A vulnerability was identified in SIMATIC WinCC and SIMATIC PCS 7, which could allow an unauthenticated attacker with access to the affected devices to execute arbitrary code. The vulnerability can be exploited if the affected systems do not have "Encrypted Communication" enabled.

Siemens provides versions of SIMATIC WinCC and SIMATIC PCS 7 that allow a mode called "Encrypted Communication" to be enabled, which mitigates the vulnerability.

"Encrypted Communication" is enabled by default starting with SIMATIC WinCC V7.5.