March 12, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Middle East Expected to See a Series of Cyber Attacks Disrupting Industrial Processes
May 13, 2019Rewterz Threat Advisory – CVE-2019-6574 – Siemens SINAMICS PERFECT HARMONY GH180 Fieldbus Network Denial of Service Vulnerability
May 15, 2019Middle East Expected to See a Series of Cyber Attacks Disrupting Industrial Processes
May 13, 2019Rewterz Threat Advisory – CVE-2019-6574 – Siemens SINAMICS PERFECT HARMONY GH180 Fieldbus Network Denial of Service Vulnerability
May 15, 2019
Severity
High
Analysis Summary
If affected installations do not have “Encrypted Communication” configured, an unauthenticated attacker with network access may be able to execute arbitrary code.
Impact
Execution of arbitrary code
Affected Vendors
Siemens
Affected Products
- SIMATIC WinCC
- SIMATIC PCS 7
- SIMATIC PCS 7 v8.0 and earlier
- SIMATIC PCS 7 v8.1 and newer (if “Encrypted Communication” is disabled)
- SIMATIC WinCC v7.2 and earlier
- SIMATIC WinCC v7.3 and newer (if “Encrypted Communication” is disabled)
Remediation
- Upgrade SIMATIC WinCC to v7.3 or newer.
- Upgrade SIMATIC PCS 7 to v8.1 or newer.
- Enable “Encrypted Communications” (some newer versions have this enabled by default).