Full Report
An attacker with network access to affected installations, which are configured without “Encrypted Communication”, can execute arbitrary code. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts confidentiality, integrity, and availability of the device.
Analysis Summary
# Vulnerability: Remote Code Execution in Siemens SIMATIC WinCC/PCS 7 without Encrypted Communication
## CVE Details
- CVE ID: CVE-2019-10922
- CVSS Score: 9.8 (Critical - based on the provided metrics: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
- CWE: Not explicitly listed, but implied to be due to insecure communication/handling of unencrypted traffic leading to RCE.
## Affected Systems
- Products: Siemens SIMATIC WinCC, Siemens SIMATIC PCS 7
- Versions:
  - SIMATIC PCS 7: V8.0 and earlier, V8.1 and newer (all versions mentioned)
  - SIMATIC WinCC: V7.2 and earlier, V7.3 and newer (all versions mentioned)
- Configurations: Affected installations **must be configured without "Encrypted Communication" enabled**.
## Vulnerability Description
An unauthenticated attacker, with network access to the vulnerable Siemens installation, can exploit this flaw to execute arbitrary code. The vulnerability is exploitable over the network and requires no user interaction. Its existence is dependent on the installation lacking the "Encrypted Communication" security feature.
## Exploitation
- Status: Existence of exploit is noted as **Unknown** in the source, but the description implies a high likelihood where conditions are met.
- Complexity: Low (Remote, Low Attack Complexity, No Privileges Required, No User Interaction)
- Attack Vector: Network
## Impact
- Confidentiality: High
- Integrity: High
- Availability: High
## Remediation
### Patches
- The vendor released a patch in **May 2019**. (Specific patch versions are not detailed in the advisory summary, but the vendor fix addressed the issue.)
### Workarounds
- Enable **“Encrypted Communication”** on affected installations.
- Apply the general **Defense-in-Depth concept**.
## Detection
- Specific IOCs are not provided.
- Detection relies on monitoring network traffic to the relevant Siemens services and verifying that the communication is actually encrypted (an unencrypted session to an affected installation indicates the vulnerable configuration), or on detecting post-exploitation activity consistent with arbitrary code execution on the device.
## References
- Vendor Advisories: Siemens (Patch released May 2019)
- Relevant Links:
  - hxxps://ics-cert.kaspersky.com/advisories/2019/05/16/klcert-19-027-remote-code-execution-vulnerability-in-siemens-simatic-wincc-and-simatic-pcs-7/