Summary: Siemens has issued a critical security advisory for a remote code execution (RCE) vulnerability, CVE-2024-35783, affecting several SIMATIC products, which could allow attackers to execute arbitrary commands with elevated privileges. The vulnerability poses a significant threat to industrial control systems, potentially leading to complete system compromise and manipulation of critical process data.
Threat Actor: Unknown
Victim: Siemens
Key Points:
- The vulnerability has a CVSSv4 score of 9.4, indicating a high severity level.
- It affects critical products including SIMATIC Process Historian, SIMATIC PCS 7, and SIMATIC WinCC.
- Attackers could exploit the vulnerability to execute arbitrary operating system commands with administrative privileges.
- Siemens has released updates for some products, but many others are still awaiting fixes.
- Users are advised to implement recommended mitigations until updates are available.
Siemens has issued a critical security advisory regarding a remote code execution (RCE) vulnerability in several of its SIMATIC products, including SIMATIC Process Historian, SIMATIC PCS 7, and SIMATIC WinCC. The vulnerability, identified as CVE-2024-35783, has been assigned a CVSSv4 score of 9.4, highlighting the severity of the potential impact. The vulnerability could allow an attacker to gain elevated privileges and execute arbitrary commands, posing a significant threat to industrial control systems.
The core of the issue lies in how affected SIMATIC products handle database server privileges. In certain configurations, the database server runs with elevated privileges, creating a dangerous situation where an authenticated attacker could exploit the system to execute arbitrary operating system commands with administrative-level privileges. This could lead to complete system compromise, with the potential for attackers to manipulate critical process data, alarms, and historical records stored within these systems.
The CVE-2024-35783 vulnerability affects several critical Siemens products, each playing a key role in managing industrial processes and system control:
- SIMATIC Process Historian: This system serves as the long-term archive for production plant data, storing valuable process values, alarms, and batch data. Given its role in preserving historical data, any compromise could disrupt reporting and visualization applications.
- SIMATIC PCS 7: A distributed control system that integrates SIMATIC WinCC, SIMATIC Batch, and other components, SIMATIC PCS 7 is vital for controlling and monitoring large-scale industrial processes.
- SIMATIC WinCC: A Supervisory Control and Data Acquisition (SCADA) system, SIMATIC WinCC is widely used for process visualization and control, making it an attractive target for attackers.
- SIMATIC BATCH: The system used for batch process control, handling various operational tasks in a production environment.
- SIMATIC Information Server: This server is responsible for reporting and visualizing process data from the SIMATIC Process Historian.
Currently, Siemens has released updates for some products, but many others still lack a fix. The following are the key updates and affected products:
- SIMATIC PCS 7: Users are advised to update WinCC to V7.5 SP2 Update 18 or later, which addresses the vulnerability in the PCS 7 environment.
- SIMATIC Process Historian, SIMATIC Information Server, SIMATIC WinCC Runtime Professional, SIMATIC BATCH, and other related products are awaiting fixes. Siemens has not yet provided updates for these systems, leaving users to rely on recommended mitigations.