Security researcher Luigi Auriemma has revealed details and proof of concept code for multiple vulnerabilities in Siemens supervisory control and data acquisition (SCADA) systems, affecting the WinCC and Automation License Manager. The vulnerabilities reported could allow remote execution of malicious code and cause denial of service interruptions.
Mister Auriemma has a history of not following responsible disclosure procedures, and most likely provided little or no vendor notification and reaction time before going public with his findings. These vulnerabilities pose a significant potential threat, in my opinion, since they can be exploited remotely on improperly configured SCADA systems. It is worthwhile for administrators of such networks to review their configurations in light of these findings to ensure that they are not exposed.
The following software packages are vulnerable:
- Siemens SIMATIC WinCC flexible (Runtime) 2008 SP2 + security patch 1
- Siemens Automation License Manager
Siemens recommends that operators of its SCADA systems implement network segmentation, system hardening, and patch management procedures. Best practices also include a holistic security strategy and Security Assurance Standards.
- Siemens SIMATIC WinCC Flexible (Runtime) Multiple Vulnerabilities: http://www.exploit-db.com/exploits/18166/
- Siemens Automation License Manager Multiple Vulnerabilities: http://www.exploit-db.com/exploits/18165/
- Siemens Industrial Security Webpage: http://www.industry.siemens.com/topics/global/en/industrial-security/Pages/Default.aspx