October 9, 2018

The NCCIC has updated this advisory with additional details on the affected products and mitigation measures. NCCIC/ICS-CERT.

August 14, 2018

The NCCIC has released an advisory on incorrect default permissions vulnerabilities in Siemens SIMATIC STEP 7 and SIMATIC WinCC. Multiple versions of these products are affected. Successful exploitation of these vulnerabilities may allow an attacker with local file write access to manipulate files and cause a denial-of-service-condition, or execute code both on the manipulated installation as well as devices configured using the manipulated installation. Siemens has provided updates and identified specific workarounds and mitigations to fix the vulnerabilities and reduce the risk. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.