WinCC OA version 3.14 P021 fixes a specific Security Vulnerability

Discussion about security topics in WinCC OA!
Search

Post Reply
1 post • Page 1 of 1
User avatar
dfranken
Posts: 22
Joined: Mon Aug 02, 2010 9:47 am

WinCC OA version 3.14 P021 fixes a specific Security Vulnerability

Post by dfranken » Wed Sep 12, 2018 7:24 am

Dear customer,

The latest update P021 for SIMATIC WinCC OA V3.14 fixes a vulnerability that could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14.
This vulnerability affects SIMATIC WinCC OA V3.14 and prior. SIMATIC WinCC OA V3.15 and V3.16 are not affected by this vulnerability.

More details regarding this vulnerability are available in this Siemens Security Advisory from ProductCERT: https://cert-portal.siemens.com/productcert/pdf/ssa-346256.pdf

The corresponding SIMATIC WinCC OA Security Guideline for Version 3.14 has also been updated to obtain a secured SIMATIC WinCC OA environment:
https://portal.etm.at/index.php?option=com_phocadownload&view=category&id=52:security&Itemid=81

Best regards,
Daniel Frankendorfer

Post Reply
1 post • Page 1 of 1