You are here

Siemens SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software (Update G) (ICSA-18-088-03) – Products Used in the Water and Wastewater and Energy Sectors

Siemens SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software (Update G) (ICSA-18-088-03) – Products Used in the Water and Wastewater and Energy Sectors

Created: Wednesday, March 13, 2019 - 11:28
Categories:
Cybersecurity

March 12, 2019

The NCCIC has updated this advisory with additional information on the technical details of the affected products and mitigation measures. Read the advisory at NCCIC/ICS-CERT.

February 5, 2019

The NCCIC has updated this advisory with additional details on the affected products and mitigation measures. Read the advisory at NCCIC/ICS-CERT.

December 13, 2018

The NCCIC has updated this advisory with additional details on the affected products and mitigation measures. NCCIC/ICS-CERT.

November 13, 2018

The NCCIC has updated this advisory with additional details on the affected products and mitigation measures. NCCIC/ICS-CERT.

October 9, 2018

The NCCIC has updated this advisory with additional details on the affected products and mitigation measures. NCCIC/ICS-CERT.

June 12, 2018

The NCCIC has updated this advisory with additional details on affected products and mitigation details. NCCIC/ICS-CERT.

April 24, 2018

The NCCIC has updated this advisory with additional details on affected products and mitigation measures. NCCIC/ICS-CERT.

March 29, 2018

The NCCIC/ICS-CERT has released an advisory on vulnerabilities in Siemens SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software. Multiple versions of these products are affected. Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the remote and local communication functionality of the affected products. A system reboot is required to recover. Siemens has identified a series of mitigations users can apply to reduce the risk and has released updates for several affected products. The NCCIC/ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.