Industrial Security Alerts

Here we inform you about current security threats and provide links to patches and updates as soon as they become available.

June 05, 2012

Siemens was notified by IT experts about vulnerabilities in SCADA software WinCC V7.0 SP3. Software updates are available and are recommended for all users. We thank Positive Technologies for reporting these vulnerabilities.

April 26th, 2012

RuggedCom, a company recently acquired by Siemens, was notified by IT experts about a vulnerability discovered in RuggedCom industrial network product families of RuggedSwitch and RuggedServer.

Specialists from RuggedCom are continuing to investigate this issue and will provide updates as more information becomes available.
We thank the researcher, Justin W. Clarke, for reporting this vulnerability.

April 5th, 2012

Siemens was notified by IT experts about vulnerabilities in product families of industrial network components Scalance S, X300, XR300 and X400. Firmware updates are available and are recommended for all users. We thank Manimaran Govindarasu and Adam Hahn for reporting these vulnerabilities.

Information about the updates:

Information about the vulnaribilities:

February 15th, 2012

Symantec Corporation has drawn attention to various vulnerabilities in its remote access product pcAnywhere. Siemens has contacted Symantec Corporation to clarify the current situation regarding pcAnywhere. You will find further information at

Symantec pcAnywhere is used in Sinumerik- und Simatic PCS 7 environments.

You will find further information and recommendations for measurements with Simatic PCS 7 and Sinumerik RCS Host at:

February 3rd, 2012

Siemens has analyzed the vulnerabilities reported by IT experts in connection with the web server of the runtime systems of Simatic WinCC flexible and WinCC (TIA Portal) (see announcement from 30 November 2011) and implementd a remedy.
Solutions have also been implemented for the vulnerabilities reported in May (see announcement from 22 December 2011) in the WinCC flexible runtime versions 2004 to 2008 SP2, WinCC Runtime Advanced V11 and Simatic Panels (TP, OP, MP, Comfort Panels).

We wish to thank Luigi Auriemma, Terry McCorke, Shawn Merdinger and Billy Rios for the details they provided on the vulnerabilities.
Customers can find information on the remedies and updates at:

December 22nd, 2011

Siemens was notified by IT experts (Billy Rios and Terry McCorke) about vulnerabilities in some of its automation products. These are the WinCC flexible RT versions from 2004 to 2008 SP2 and WinCC Runtime Advanced V11 and multiple Simatic panels (TP, OP, MP, Comfort).
We are aware of the reported vulnerabilities, first reported in May 2011. Our development had immediately taken action and addressed these issues. The vulnerabilities will be fixed by security updates, first is planned to be issued in January 2012.
In December 2011 further vulnerabilities have been reported which are currently under investigation. We thank Billy Rios and Terry McCorke for reporting the vulnerabilities.

December 19th, 2011

Siemens has conducted an analysis related to a recent researcher report concerning vulnerabilities in its automation software products. (See Siemens announcement of November 30, 2011.) Siemens has confirmed the vulnerabilities and already made mitigations available.
Information about the Update of the Automation License Manager can be found here:

Vulnerabilities related to Webserver-Functionality of SIMATIC WinCC flexible Runtime, a human-machine interface product, will be addressed with software updates scheduled to become available in January 2012. The Operational Guidelines should be observed in when downloading any updates.

To our current knowledge, no industrial facilities have been impacted by this vulnerability.

November 30th, 2011

Siemens was notified by an IT expert about possible vulnerabilities in two of its automation software products. The respective information is related to the Automation License Manager, a software that organizes SIMATIC software licences and SIMATIC WinCC flexible (runtime). We are analyzing the possible vulnerabilities and will inform relevant customers and the public as soon as there are relevant findings. At the moment, we are not aware of any impact on industrial facilities.

November 23rd, 2011

Siemens is aware of a recent security breach at a water treatment plant for the City of South Houston, USA. Control graphics screen shots were taken from the system and posted on the internet. To our current knowledge, no other malicious activity has been reported.

Siemens is in close contact with ICS-CERT of US Homeland Security, supporting the ongoing investigations about the incident. We will immediately inform relevant customers and public as soon as there are new findings published by ICS-CERT.

Siemens HMI systems, when properly configured and installed, are a robust and practical solution to visualizing and controlling plant automation requirements. Installation of such systems should always consider the recommendations provided in the Siemens Operational Guidelines for Industrial Security, specifically the Siemens Industrial Security Concept.

Cross-Vendor Working Group (July 2011)

Siemens welcomes the announcement of a "Cross-Vendor Working Group" by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). ICS-CERT is part of US-CERT, the operational arm of the National Cyber Security Division at the Department of Homeland Security, USA.The industrial control systems stakeholder community worldwide understands that ICS installations need to be more secure. Siemens as a global technology leader in this arena is eager to support this working group.

Password security weakness in SIMATIC controllers (July 2011)

SIEMENS Industrial Automation has identified a potential security weakness in the programming and configuration client software authentication mechanism employed by the SIMATIC S7 family of programmable controllers. This potential weakness is known to affect the SIMATIC S7 family of controller platforms, including S7-200, S7-1200, S7-300 and S7-400

Behaviour of SIMATIC S7-1200 in Industrial Networks (May 2011)

In mid-May, ICS-CERT issued an alert about certain weaknesses in the Ethernet network interface of the Simatic S7-1200 controller. Siemens reproduced the test scenario. The scenario revealed weaknesses in the S7-1200 controller in reaction to targeted network attacks. Siemens takes such reports very seriously and our experts are permanently working on possible improvements.The reported weaknesses are removed by the current firmware update.