===========================================================================
AUSCERT Security Bulletin

ASB-2012.0126
Multiple Vulnerabilities in WinCC 7.0 SP3
12 September 2012
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Siemens SIMATIC WinCC
Operating System:     Windows Server 2003
                      Windows Server 2008
                      Windows Server 2008 R2
                      Windows 7
                      Windows XP
Impact/Access:        Access Privileged Data     -- Remote/Unauthenticated
                      Cross-site Request Forgery -- Remote with User Interaction
                      Cross-site Scripting       -- Remote with User Interaction
                      Unauthorised Access        -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2012-3031 CVE-2012-3028 CVE-2012-3030
                      CVE-2012-3032 CVE-2012-3034
Member content until: Friday, October 12 2012

Comment: While most of these vulnerabilities have been addressed in a patch
         by the vendor, at the time of this advisory's publication one
         vulnerability remains unpatched. The vendor has provided steps to
         mitigate the outstanding vulnerability.

OVERVIEW

Multiple vulnerabilities have been identified in Siemens SIMATIC WinCC
version 7.0 SP3.

The vendor describes the WebNavigator component of WinCC as giving "... the
users the possibility to control their plants via the web browser with the
same look-and-feel like local operator stations." [1]

IMPACT

The vendor has provided the following description regarding these
vulnerabilities:

"WinCC WebNavigator is susceptible to twelve vulnerabilities, which
compromise (depending on the vulnerability) the confidentiality, integrity
or availability of the affected system over the network. WebNavigator is
part of WinCC 7.0." [1]

Reflected cross site scripting and cross site request forgery
vulnerabilities may allow the attacker to take over the WebNavigator session
with the victim’s rights. Additionally, arbitrary files and database content
may be accessible to a remote, unauthenticated web user.

MITIGATION

Siemens provides an update for WinCC 7.0 SP3 which addresses most
vulnerabilities discussed in this bulletin. However, the cross site request
forgery vulnerability remains unpatched, and Siemens recommends the
following mitigations:

1. Do not interact with other internet related services whilst logged in to
   WebNavigator.
2. Log out when WebNavigator is no longer needed.

REFERENCES

[1] Siemens SIMATIC WinCC Multiple Vulnerabilities
    http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision
to follow or act on information or advice contained in this security
bulletin is the responsibility of each user or organisation, and should be
considered in accordance with your organisation's site policies and
procedures. AusCERT takes no responsibility for consequences which may arise
from following or acting on information or advice contained in this security
bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================