June 12, 2018

The NCCIC has updated this advisory with additional details on affected products and mitigation details. This advisory was initially published on November 2, 2017. NCCIC/ICS-CERT.

November 2, 2017

ICS-CERT has released an advisory on a Siemens SIMATIC PCS 7 vulnerability. The following versions of SIMATIC PCS 7 are affected: V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13, and all versions of V8.2. Successful exploitation of this vulnerability could allow a remote authenticated attacker to crash services on the devices. Siemens has released an update for V8.1 prior to V8.1 SP1 with WinCC V7.3 Upd 13 and is working on updates for the remaining affected versions and recommends that affected users apply cell protection concept, use VPN for protecting network communication between cells, and apply Defense-in-Depth. Siemens also strongly recommends that users protect network access to the SIMATIC PCS 7 with appropriate mechanisms by configuring the environment according to operation guidelines. ICS-CERT.