The global site of the UK's leading magazine for automation, motion engineering and power transmission
18 June, 2024

Twitter link

Siemens advises users of Step7, PCS7 and WinCC to install security patches

27 July, 2012

Siemens has issued a pair of advisory notices recommending users of its Simatic Step7, PCS7 and WinCC industrial software to install security patches to protect themselves against possible cyber-attacks. The patches are designed to plug vulnerabilities similar to those exploited by the Stuxnet worm which, in 2010, sabotaged centrifuges in the Iranian nuclear programme.

Although the Siemens advisories do not mention Stuxnet, they say that the patches are designed “to address vulnerabilities first discovered in 2010”.
The first advisory deals with a vulnerability affecting versions of Step7 before V5.5+SP1 (5.5.1) and PCS7 before V7.1 SP3. These programs contain a DLL (dynamic link library) loading mechanism that attackers can exploit to execute arbitrary code.

The affected versions of Step7 allow DLL files to be loaded in project folders, which can then be used to attack systems where Step7 is installed. An attacker can place arbitrary files into the project folders which will be loaded at start-up, without being validated. The code will then be executed with the permissions of the Step7 application.

If a project folder is shared on the network, an attacker who can access this location, can put a specially crafted library there. If Step7 opens the project file in this directory, the application will load this library. Siemens points out that for this to occur, an attacker must have access to a Step7 project file folder, or know the log-in credentials for the system.

The first advisory notice describes steps that Siemens took in 2010 and 2011 to address the vulnerability. Last year, it issued a software update that implements a mechanism to reject DLLs in Step7 project folders that contain executable code, thus preventing unintended execution of unchecked code.

Step7 update V5.5 SP1 (5.5.1) fixes the vulnerability, but Siemens recommends that users of Step7 and PCS7 should install the latest Service Pack – V5.5 SP2 – as soon as possible.

The second advisory deals with a vulnerability in versions of Simatic WinCC prior to V7.0 SP2 Update 1, and in versions of Simatic PCS7 before V7.1 SP2. These packages used pre-defined SQL server credentials that allowed administrative access to system databases. Users could not change or disable these credentials which could be used to gain remote access to the database server with administrative privileges.

Siemens addressed the vulnerability in WinCC V7.0 SP2 Update 1 (version and in newer updates. The latest version is Update 2, which removes the pre-defined credentials and switches to Windows authentication mechanisms. Siemens “strongly recommends” installing the update as soon as possible, and says that it should also be applied by users of Simatic PCS7.

The US Government’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued its own advisory notices about Siemens’ announcements (here and here).

♦ The Finnish cyber-security specialist, F-Secure, has received an email, apparently sent by a scientist working for the Iranian Atomic Energy Organisation (AEOI), reporting that the country’s nuclear programme “has once again been compromised and attacked by a new worm with exploits which have shut down our automation network at Natanz and another facility Fordo near Qom”. The correspondent says that the automation network and Siemens hardware were attacked and shut down.

F-Secure says it cannot confirm details of the reported attack but can confirm that the email was sent from within AEOI.

  • To view a digital copy of the latest issue of Drives & Controls, click here.

    To visit the digital library of past issues, click here

    To subscribe to the magazine, click here



"Do you think that robots create or destroy jobs?"



Most Read Articles