Wednesday, March 20, 2013

WinCC vulnerabilities: fresh meat


New vulnerabilities/fixes in Siemens WinCC 7.0 SP3 Update 1

CVE-2013-0678 MISSING ENCRYPTION OF SENSITIVE DATA
CVE-2013-0676 IMPROPER AUTHORIZATION
CVE-2013-0677 XXE OOB in project files
CVE-2013-0679 RELATIVE PATH TRAVERSAL
CVE-2013-0674, CVE-2013-0675 BUFFER OVERFLOW

+ a lot of good stuff for WinCC Flexible in TIA Portal V11.

More details @infiltratecon and @phdays.

Thanks to Gleb Gritsai, Sergey Bobrov, Roman Ilin, Artem Chaykin, Timur Yunusov, Ilya Karpov, Alexey Osipov, Sergey Gordeychik, Dmitry Nagibin and Siemens CERT/Product team. 

SSA-212483
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-212483.pdf

SSA-714398
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-714398.pdf

ICSA-13-079-02
http://ics-cert.us-cert.gov/pdf/ICSA-13-079-02.pdf

Enjoy!

PS. Exploits for WinCC? No way! This is Out Of Band.