The NCCIC has published an advisory on a missing authentication for critical function vulnerability in Siemens SIMATIC WinCC and SIMATIC PCS 7. Versions 7.2 and earlier and versions 7.3 and newer of SIMATIC WinCC and versions 8.0 and earlier and 8.1 and newer of SIMATIC WinCC are affected. Successful exploitation of this vulnerability could allow an unauthenticated attacker with access to the affected devices to execute arbitrary code. Siemens recommends a series of mitigations to address this vulnerability. The NCCIC has also provided a series of measures to address this vulnerability. Read the advisory at NCCIC/ICS-CERT.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!