• Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Advisory – CVE-2019-0275 SAP NetWeaver Java AS Cross Site Scripting Vulnerability
March 13, 2019
Rewterz Threat Alert – Citrix Network Breached
March 14, 2019

Rewterz Threat Advisory – CVE-2018-4832 Siemens SIMATIC PCS 7, SIMATIC WinCC, SIMATIC WinCC Runtime Professional, and SIMATIC NET PC Software

March 13, 2019

Severity

Medium

Analysis Summary

Specially crafted messages sent to the RPC service of the affected products could cause a denial-of-service condition on the remote and local communication functionality of the affected products. A reboot of the system is required to recover the remote and local communication functionality.

Impact

Denial of service

Affected Products

Siemens

SIMATIC PCS 7
SIMATIC WinCC
SIMATIC WinCC Runtime Professional
SIMATIC NET PC Software

Remediation

Siemens has released updates for several affected products and recommends users update to the new version.

  • OpenPCS 7 v8.1: Update to OpenPCS 7 v8.1 Upd 5

https://support.industry.siemens.com/cs/ww/en/view/109761055

  • SIMATIC BATCH v8.0: Install SIMATIC Batch v8.0 SP1 Upd21:

https://support.industry.siemens.com/cs/ww/en/view/109756847

  • SIMATIC BATCH v8.1: Install SIMATIC Batch v8.1 SP1 Upd16:

https://support.industry.siemens.com/cs/ww/en/view/109756846

  • SIMATIC BATCH v8.2: Update to SIMATIC Batch v8.2 Upd10:

https://support.industry.siemens.com/cs/ww/en/view/109757796

  • SIMATIC NET PC-Software: Update to v15 SP1

https://support.industry.siemens.com/cs/ww/de/view/109762690

  • SIMATIC PCS 7 v8.2:  Install v8.2 SP1:

To obtain SIMATIC PCS 7 v8.2 SP1 contact local support.

  • SIMATIC PCS 7 v9.0: Install v9.0 SP1:

To obtain SIMATIC PCS 7 v9.0 SP1 contact local support.

  • SIMATIC Route Control v8.2:

To obtain SIMATIC PCS 7 v8.2 SP1 contact local support.

  • SIMATIC WinCC Runtime Professional v13: Update to v13 SP2 Upd2

https://support.industry.siemens.com/cs/ww/en/view/109759753

  • SIMATIC WinCC Runtime Professional v14: Update to v14 SP1 Upd5:

https://support.industry.siemens.com/cs/ww/en/view/109747394

 SIMATIC WinCC v7.2 and earlier: Update to WinCC 7.2 Upd15:

https://support.industry.siemens.com/cs/ww/de/view/109762887

  • SIMATIC WinCC v7.3: Update to WinCC 7.3 Upd16:

https://support.industry.siemens.com/cs/ww/en/view/109756123

  • SIMATIC WinCC v7.4: Update to v7.4 SP1 Upd9

https://support.industry.siemens.com/cs/ww/de/view/109762790

  • Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.