Siemens Industry Sector

Industrial Security Alerts

Here we inform you about current security threats and provide links to patches and updates as soon as they become available.

March 15th, 2013 (second publication)

Product update for vulnerabilities in WinCC (TIA Portal) V11

Siemens has been notified by IT experts of vulnerabilities in the visualization software Simatic WinCC in the engineering framework TIA Portal V11. A potential attacker could use these vulnerabilities to access the internal password management.
The vulnerabilities were fixed with the last scheduled product update.

We thank Billy Rios, Terry McCorkle, Shawn Merdinger, Positive Technologies and ICS-CERT for their information.


March 15th, 2013 (first publication)

Vulnerabilities in Simatic WinCC V7.0

Siemens has been notified by IT experts of vulnerabilities in the visualization software Simatic WinCC V7.0 SP3. A potential attacker could use these vulnerabilities to access the WinCC database and to gain access to the visualization system.
The vulnerabilities were fixed with the last scheduled product update.

We thank Gleb Gritsai and Sergey Gordeychik from Positive Technologies for their information.


February 13th, 2013

Security update for CP1604 and CP1616 communication processors (SIMATIC IPC onboard)

Siemens found a vulnerability in communication processors CP1604 and CP1616 as well as in CP1616 onboard, used in SIMATIC IPC.
An update to fix this vulnerability is available and recommended to all users.


January 23rd, 2013

ICS CERT Alert on a password tool targeting SIMATIC S7

Siemens has been notified by ICS CERT (ICS-ALERT-13-016-02) about the public release of a hacking tool targeting password-protected Siemens PLCs. Under limited circumstances, it may be possible for an attacker to obtain the PLC password.

Customers can take actions to improve the security of their installation:
We thank ICS CERT for their information.


January 11th, 2013

Vulnerability in RF-Manager

Siemens has been notified by IT experts about a vulnerability in the RF-Manager. The RF-Manager is an engineering tool to configure RFID readers.

Siemens has analyzed this vulnerability and prepared a patch. The patch is recommended to all users.


December 20th, 2012

Denial-of-Service vulnerability in S7-1200 from V2.x

Siemens has been notified by IT experts of a vulnerability in the network interfaces of the SIMATIC S7-1200 PLC versions from V2.x. A potential attacker could use the vulnerability to perform a Denial-of-Service attack against the CPU.

The vulnerability will be fixed with the next scheduled product update.

We thank Prof. Dr. Hartmut Pohl, softScheck GmbH, and Arne Vidstrom, Swedish Defense Research Agency, for their information.


December 12th, 2012 (second publication)

Vulnerabilities in Automation License Manager

Siemens has identified vulnerabilities in the Automation License Manager, a software that organizes SIMATIC software licenses. Any version below 5.2 is affected by these vulnerabilities.
A software update to fix the vulnerabilities is available and is recommended to all users.


December 12th, 2012 (first publication)

Update for RuggedCom ROS products

An update is ready for ROS products. The update fixes the vulnerabilities identified on August 31st, 2012.


October 8th, 2012

Cross-Site Scripting vulnerability in the SIMATIC S7-1200 web application

Siemens has been notified by IT experts from the Russian company "Positive Technologies" of vulnerabilities that exist in the S7-1200 web application. If the web server is enabled, it is susceptible to Cross-Site Scripting (XSS). In addition, the web server supports HTTP PUT functionality within authenticated sessions. HTTP PUT allows an authenticated user to upload new files to the web server.
We thank Positive Technologies for their information.
Siemens has analyzed these vulnerabilities and prepared an update.  The firmware update can be obtained by contacting technical support in your region.
More information and instructions for the user can be found here:


September 13th, 2012

Certificate for HTTPS Communication to S7-1200 V2.x

Siemens has been notified by IT experts from the Russian company "Positive Technologies" of a vulnerability in the certificate store of the Simatic S7-1200 PLC versions V2.x. A potential attacker could use this vulnerability to forge their own certificates and impersonate other web sites. Newer CPU versions from V3 are not affected by this vulnerability.

We thank Positive Technologies for their information.

Siemens specialists are analyzing the vulnerability and will provide further information as soon as possible. As a quick workaround, users can remove the Simatic Controller Certificate from their Windows certificate store.
More information and instructions for the user can be found here:


September 10th, 2012

Update available to remove vulnerabilities in SCADA software WinCC V7.0 SP3
Siemens was notified by IT experts about vulnerabilities in SCADA software WinCC V7.0 SP3. Software updates are available and are recommended for all users.
We thank Positive Technologies for reporting these vulnerabilities.


August 31st, 2012

Siemens and RuggedCom experts have analyzed information about a vulnerability in RuggedCom's Rugged Operating Systems ROS (see announcement dated August 21, 2012). Siemens and RuggedCom are developing relevant measures and will provide an update as soon as possible. We thank ICS-CERT and Justin W. Clarke for their information.

Experts from Siemens and RuggedCom also investigated the systems ROX and RuggedMax, where they found similar vulnerabilities. Workarounds for these are available immediately.

More information and instructions for the user can be found here:


August 21st, 2012

Siemens was notified by ICS-CERT about a vulnerability discovered by Justin W. Clarke of Cylance Inc. in RuggedCom's Rugged Operating System (ROS). RuggedCom is a company acquired by Siemens at the beginning of 2012. According to the security researcher, the vulnerability can be used to decrypt SSL traffic between an end user and a RuggedCom network device. On the 21st of August, ICS-CERT published ICS-ALERT 12-234-01 to document this case.

Specialists from Siemens and RuggedCom are investigating this issue and will provide information updates as soon as they become available.

August 10th, 2012

Siemens was notified by a customer about a vulnerability in the Plant Engineering Software COMOS. Software updates to deal with this vulnerability are available and are recommended for all users.

Information about the update and vulnerability


July 31st, 2012

During internal tests Siemens has found vulnerabilities in PROFINET CPUs of the modular controllers SIMATIC S7-400 and provides a remedy for version 6.

You can find further information on the vulnerabilities at:

You can find information on the updates of version 6 at:


June 05th, 2012

Siemens was notified by IT experts about vulnerabilities in SCADA software WinCC V7.0 SP3. Software updates are available and are recommended for all users. We thank Positive Technologies for reporting these vulnerabilities.


April 26th, 2012

RuggedCom, a company recently acquired by Siemens, was notified by IT experts about a vulnerability discovered in RuggedCom industrial network product families of RuggedSwitch and RuggedServer.

Specialists from RuggedCom are continuing to investigate this issue and will provide updates as more information becomes available.
We thank the researcher, Justin W. Clarke, for reporting this vulnerability.


April 5th, 2012

Siemens was notified by IT experts about vulnerabilities in product families of industrial network components Scalance S, X300, XR300 and X400. Firmware updates are available and are recommended for all users. We thank Manimaran Govindarasu and Adam Hahn for reporting these vulnerabilities.

Information about the updates:

Information about the vulnerabilities:


February 15th, 2012

Symantec Corporation has drawn attention to various vulnerabilities in its remote access product pcAnywhere. Siemens has contacted Symantec Corporation to clarify the current situation regarding pcAnywhere. You will find further information at

Symantec pcAnywhere is used in Sinumerik and Simatic PCS 7 environments.

You will find further information and recommendations for measures with Simatic PCS 7 and Sinumerik RCS Host at:


February 3rd, 2012

Siemens has analyzed the vulnerabilities reported by IT experts in connection with the web server of the runtime systems of Simatic WinCC flexible and WinCC (TIA Portal) (see announcement from 30 November 2011) and implemented a remedy.
Solutions have also been implemented for the vulnerabilities reported in May (see announcement from 22 December 2011) in the WinCC flexible runtime versions 2004 to 2008 SP2, WinCC Runtime Advanced V11 and Simatic Panels (TP, OP, MP, Comfort Panels).

We wish to thank Luigi Auriemma, Terry McCorkle, Shawn Merdinger and Billy Rios for the details they provided on the vulnerabilities.
Customers can find information on the remedies and updates at:


December 22nd, 2011

Siemens was notified by IT experts (Billy Rios and Terry McCorkle) about vulnerabilities in some of its automation products. These are the WinCC flexible RT versions from 2004 to 2008 SP2, WinCC Runtime Advanced V11 and multiple Simatic panels (TP, OP, MP, Comfort).
We are aware of the reported vulnerabilities, first reported in May 2011. Our development team took immediate action and addressed these issues. The vulnerabilities will be fixed by security updates, the first of which is planned to be issued in January 2012.
In December 2011, further vulnerabilities were reported, which are currently under investigation. We thank Billy Rios and Terry McCorkle for reporting the vulnerabilities.

December 19th, 2011

Siemens has conducted an analysis related to a recent researcher report concerning vulnerabilities in its automation software products. (See Siemens announcement of November 30, 2011.) Siemens has confirmed the vulnerabilities and already made mitigations available.
Information about the Update of the Automation License Manager can be found here:

Vulnerabilities related to the web server functionality of SIMATIC WinCC flexible Runtime, a human-machine interface product, will be addressed with software updates scheduled to become available in January 2012. The Operational Guidelines should be observed when downloading any updates.

To our current knowledge, no industrial facilities have been impacted by this vulnerability.

November 30th, 2011

Siemens was notified by an IT expert about possible vulnerabilities in two of its automation software products. The respective information is related to the Automation License Manager, a software that organizes SIMATIC software licences, and SIMATIC WinCC flexible (runtime). We are analyzing the possible vulnerabilities and will inform relevant customers and the public as soon as there are relevant findings. At the moment, we are not aware of any impact on industrial facilities.

November 23rd, 2011

Siemens is aware of a recent security breach at a water treatment plant for the City of South Houston, USA. Control graphics screen shots were taken from the system and posted on the internet. To our current knowledge, no other malicious activity has been reported.

Siemens is in close contact with ICS-CERT of US Homeland Security, supporting the ongoing investigations about the incident. We will immediately inform relevant customers and the public as soon as there are new findings published by ICS-CERT.

Siemens HMI systems, when properly configured and installed, are a robust and practical solution to visualizing and controlling plant automation requirements. Installation of such systems should always consider the recommendations provided in the Siemens Operational Guidelines for Industrial Security, specifically the Siemens Industrial Security Concept.

Cross-Vendor Working Group (July 2011)

Siemens welcomes the announcement of a "Cross-Vendor Working Group" by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). ICS-CERT is part of US-CERT, the operational arm of the National Cyber Security Division at the Department of Homeland Security, USA. The industrial control systems stakeholder community worldwide understands that ICS installations need to be more secure. Siemens as a global technology leader in this arena is eager to support this working group.


Password security weakness in SIMATIC controllers (July 2011)

SIEMENS Industrial Automation has identified a potential security weakness in the programming and configuration client software authentication mechanism employed by the SIMATIC S7 family of programmable controllers. This potential weakness is known to affect the SIMATIC S7 family of controller platforms, including S7-200, S7-1200, S7-300 and S7-400.


Behaviour of SIMATIC S7-1200 in Industrial Networks (May 2011)

In mid-May, ICS-CERT issued an alert about certain weaknesses in the Ethernet network interface of the Simatic S7-1200 controller. Siemens reproduced the test scenario. The scenario revealed weaknesses in the S7-1200 controller in reaction to targeted network attacks. Siemens takes such reports very seriously and our experts are continuously working on possible improvements. The reported weaknesses are removed by the current firmware update.