Yesterday DHS ICS-CERT published an advisory for multiple vulnerabilities in Siemens’ WinCC application. The vulnerabilities were reported in a coordinated disclosure by a number of researchers from Positive Technologies. In a twist that is to be encouraged, Siemens reported an additional related vulnerability that is also covered in this Advisory.
The vulnerabilities disclosed in this Advisory include:
XML (XPath) injection, CVE-2012-2596;
Directory traversal, CVE-2012-2597; and
Buffer overflow, CVE-2012-2598.
NOTE: These links may not be active for a couple of days.
The vulnerabilities are all remotely exploitable by a relatively unskilled attacker. Successful exploits could lead to a number of problems, but none are reported to lead directly to execution of arbitrary code.

Siemens has a security advisory addressing the issues and an update that addresses all but one of the vulnerabilities. The buffer overflow vulnerability is associated with DiagAgent, a utility that is no longer supported. Siemens suggests disabling DiagAgent and replacing it with SIMATIC Diagnostics Tool or SIMATIC Analyser.