Full Report
An attacker with local access to the project file could cause a Denial-of-Service condition on the affected product while the project file is loaded. Successful exploitation requires access to the project file. An attacker could use the vulnerability to compromise availability of the affected system.
Analysis Summary
# Vulnerability: Siemens SIMATIC WinCC Local Denial of Service
## CVE Details
- **CVE ID:** CVE-2019-10917
- **CVSS Score:** 3.3 (Low). *Note: the source text lists a calculator link for 0.0, but the vector string `CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L` resolves to 3.3.*
- **CWE:** CWE-400 (Uncontrolled Resource Consumption) / CWE-20 (Improper Input Validation) - inferred from DoS on file load.
## Affected Systems
- **Products:**
  - SIMATIC PCS 7
  - SIMATIC WinCC (TIA Portal)
  - SIMATIC WinCC Runtime Professional
  - SIMATIC WinCC (Standalone)
- **Versions:**
  - SIMATIC PCS 7: V8.0, V8.1, V8.2, V9.0 (All versions)
  - SIMATIC WinCC (TIA Portal): V13, V14, V15 (All versions)
  - SIMATIC WinCC V7.2 and earlier: All versions
  - SIMATIC WinCC V7.3, V7.4, V7.5: Versions prior to V7.5 Upd 3
- **Configurations:** Systems where an attacker can replace or provide a malicious project file to be loaded by the legitimate user.
## Vulnerability Description
The vulnerability exists in how Siemens WinCC products process project files during the loading sequence. An attacker with local access to the filesystem can modify a project file such that, when it is opened by a legitimate user/administrator, it triggers a Denial-of-Service (DoS) condition. This typically involves the application crashing or becoming unresponsive, preventing the engineering station or runtime environment from functioning.
## Exploitation
- **Status:** Proof of Concept (PoC) available.
- **Complexity:** Low.
- **Attack Vector:** Local (Requires the attacker to place a malicious file on the local system or a shared drive).
- **User Interaction:** Required (A user must attempt to load the malformed project file).
## Impact
- **Confidentiality:** None.
- **Integrity:** None.
- **Availability:** Partial (The affected software component becomes unavailable, disrupting engineering or monitoring tasks).
## Remediation
### Patches
Siemens recommends upgrading to the following versions or later:
- **SIMATIC WinCC V7.5:** Update to V7.5 Upd 3 or newer.
- For other products (PCS 7, WinCC TIA Portal), users should monitor Siemens ProductCERT for specific version-based update instructions or migrate to the latest supported service packs.
### Workarounds
- **Strict Access Control:** Restrict physical and logical access to engineering stations and the directories where project files are stored.
- **File Integrity:** Ensure project files are only sourced from trusted, secure backups and use checksums if possible to verify integrity before loading.
## Detection
- **Indicators of Compromise:** Unexpected application crashes (e.g., `CCProjectMgr.exe` or TIA Portal processes) immediately upon loading a specific project folder.
- **Detection methods:** Monitor file system activity for unauthorized modifications to `.mcp` or project database files by non-authorized users.
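
The File Integrity workaround and the detection method above both come down to comparing a project folder against a trusted baseline. The following is an added example, not code from Siemens or the original advisory: it records a SHA-256 manifest for a project directory and reports modified, missing and unexpected files before the project is loaded. The project name, file names and manifest location are constructed for the demo.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """SHA-256 of a file, read in chunks so large database files are not held in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(project_dir: Path) -> dict[str, str]:
    """Map each file's project-relative POSIX path to its SHA-256."""
    files = (p for p in sorted(project_dir.rglob("*")) if p.is_file())
    return {p.relative_to(project_dir).as_posix(): hash_file(p) for p in files}


def verify_project(project_dir: Path, manifest_path: Path) -> dict[str, list[str]]:
    """Compare the directory with a stored manifest; any non-empty list means do not load."""
    trusted = json.loads(manifest_path.read_text(encoding="utf-8"))
    current = build_manifest(project_dir)
    return {
        "modified": sorted(f for f in trusted if f in current and current[f] != trusted[f]),
        "missing": sorted(f for f in trusted if f not in current),
        "unexpected": sorted(f for f in current if f not in trusted),
    }


def demo() -> dict[str, list[str]]:
    """Constructed sample: baseline a fake project folder, then change it."""
    with tempfile.TemporaryDirectory() as tmp:
        project = Path(tmp) / "DemoProject"  # hypothetical project folder
        project.mkdir()
        (project / "DemoProject.mcp").write_bytes(b"constructed project header")
        (project / "DemoProject.mdf").write_bytes(b"constructed database bytes")
        manifest = Path(tmp) / "DemoProject.manifest.json"  # stored outside the project tree
        manifest.write_text(json.dumps(build_manifest(project)), encoding="utf-8")
        (project / "DemoProject.mcp").write_bytes(b"changed after baseline")
        (project / "extra.dat").write_bytes(b"file not in baseline")
        (project / "DemoProject.mdf").unlink()
        return verify_project(project, manifest)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest is only as trustworthy as its storage: keep it with the trusted backups, on a location the accounts that can write to the project directory cannot modify.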
## References
- **Vendor Advisory:** hxxps://support.industry.siemens[.]com/cs/ww/en/view/109767227
- **Kaspersky Advisory:** hxxps://ics-cert.kaspersky[.]com/advisories/2019/05/16/klcert-19-026-siemens-wincc-local-denial-of-service/
- **NVD:** hxxps://nvd.nist[.]gov/vuln/detail/CVE-2019-10917