Critical Vulnerability in Siemens STEP 7 TIA Portal

What happened?

A critical vulnerability has been found in Siemens STEP 7 TIA Portal, one of the most widely used design and automation programs for industrial control systems (ICS) worldwide. Users are urged to confirm that their systems have been upgraded to the latest version.

The critical vulnerability was discovered by Tenable Research and would allow an attacker to perform administrative actions.

What’s the attack vector?

Bypassing the authentication mechanism on the TIA Manager server through the Node.js server's WebSockets.

What is the impact on the business?

An attacker could compromise a TIA Portal system and use that access to add malicious code to adjacent industrial control systems. Attackers could also use the access gained by exploiting this vulnerability to steal sensitive data from existing OT configurations in order to advance and plan attacks targeting critical infrastructure.

In the worst case, a vulnerable TIA Portal system can be used as a springboard in an attack that causes catastrophic damage to the OT team, disrupts critical operations, or conducts cyber espionage campaigns.

What’s the solution?

Siemens has released an update and security notice for this vulnerability.

Should I be worried?

Modern industrial operations often span complex IT and OT infrastructures, which brings new security challenges for critical environments and makes cybersecurity threats even more difficult to detect, investigate, and remediate.

Solutions?

OT/ICS/SCADA monitoring and management services have become easier thanks to our solution based on a QRadar SIEM and Indegy ICS.