Thursday, June 7, 2012

ICS-CERT Issues WinCC Advisory

Yesterday DHS ICS-CERT published an advisory for multiple vulnerabilities in the Siemens WinCC application. The vulnerabilities were reported in a coordinated disclosure by a number of researchers from Positive Technologies. In a twist that is to be encouraged, Siemens reported an additional related vulnerability that is being covered in this Advisory.

The vulnerabilities disclosed in this Advisory include:

Cross-site scripting, CVE-2012-2595 and CVE-2012-3003;

XML (XPath) injection, CVE-2012-2596;

Directory traversal, CVE-2012-2597; and

Buffer overflow, CVE-2012-2598.

NOTE: These links may not be active for a couple of days.

The vulnerabilities are all remotely exploitable by a relatively unskilled attacker. Successful exploits could lead to a number of problems, but none are reported to lead directly to execution of arbitrary code.

Siemens has a security advisory addressing the issues and an update that addresses all but one of the vulnerabilities. The buffer overflow vulnerability is associated with DiagAgent, a utility that is no longer supported. Siemens suggests disabling DiagAgent and replacing it with SIMATIC Diagnostics Tool or SIMATIC Analyser.
