Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2013.0074 SSA-345843: Vulnerabilites in WinCC 7.2 17 June 2013 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Siemens WinCC Siemens SIMATIC PCS7 Operating System: Windows Server 2003 Windows Server 2008 Windows Server 2008 R2 Windows 7 Windows XP Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Unauthorised Access -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2013-3959 CVE-2013-3958 CVE-2013-3957 Member content until: Wednesday, July 17 2013 OVERVIEW Multiple vulnerabilities have been identified in Siemens SIMATIC WinCC version 7.2 and below. SIMATIC PCS 7 Web Server versions 8.0 SP1 and earlier are also affected by these vulnerabilities. [1] IMPACT The vendor has provided the following description regarding these vulnerabilities: "Vulnerability 1 (CVE-2013-3957) Attackers might overcome the input filtering of the WinCC Web Navigator login screen and inject SQL statements into queries. By manipulating the database, the attacker can elevate his rights and, depending on the system configuration, might be able to gain full system access. CVSS Base Score 7.5 CVSS Temporal Score 5.9 CVSS Overall Score 5.9 (AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C) Vulnerability 2 (CVE-2013-3958) Hard coded credentials are used in the Web Navigator login mechanism. Attackers with network access and knowledge of the credentials could log into the Web Navigator web applications as authenticated user. CVSS Base Score 7.5 CVSS Temporal Score 5.9 CVSS Overall Score 5.9 (AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C) Vulnerability 3 (CVE-2013-3959) A user with authenticated access to the Web Navigator web application can probe forvalid NetBIOS user names by manipulating URL parameters. CVSS Base Score 4.0 CVSS Temporal Score 3.1 CVSS Overall Score 3.1 (AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C)" [1] MITIGATION The vendor recommends updating to WinCC 7.2 Update 1. [1] REFERENCES [1] SSA-345843: Vulnerabilites in WinCC 7.2 http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUb5fvu4yVqjM2NGpAQL9lg/+JvzRv1VVpmICS40CWdLdnr57exhkNyuD oaYvaoLrQw2jrPJ7ZfzT1VpBGuKwILeR/oqC1o6HJOxoYdYqLvkGXBhhulV1Luvc nzLyZw7A/L2vsopXlyRdrehPQY44tda1P3nZfMizP/l6X+YoHZs7z6yLbvRmgFyg CLJ32YJLQaTm2xUjv+1d9kugZN4Qadk0yt/Z7ybRan6V636XEBBgOp36r+zXBvEd jbkvtFC7OOEgVliS0+VGKwJzzUSPaZ0ea5v0DB6bl8B8xxA6uy1DhYd2a1NgU6f+ KuaBma7KiuEaadXu5XXPLbyCqk//YRvjdawhfo/UQmvCjlQCn+ihS72xADIe0gkQ w3bcdPG5vu0XR+VM1QVYJ4LrOU6dN2ioJ0G4SnUq8b0N27gJIl/p8NL7ys+0IkSf bI/gOFC0E44oAV9qDAsQJUhHiSKIdaUss5Acp9IEpEvmWJFRe3090iXENXtNNV0z egSswXgxKt/Tktu/uyc5EVWMJIchA7D7BlHsspM5Z5Ful1NGEcEoC+4pMJjuELOb zJaSBTrzY2zJvhNidz8ULJi5eMzoAvx1kTxA4Y/LiOGD/SfKBybN1K6XhVqL5Ms6 l/d6Uyr0yvGb1HxZnMbPSv8BIIKjcI4vkG7QAQNAqRGFtad8unXORTNZ+e3rXa9P fXltHjb2m3w= =D3Cv -----END PGP SIGNATURE-----