Global industrial supplier Siemens has patched two critical vulnerabilities that it believes are likely being exploited.
Organizations running products using the Siemens WinCC application are urged to apply available patches immediately; the company said it is working on updates for any remaining affected products.
An advisory from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) identified the affected products:
- SIMANTIC WinCC: V7.0 SP2 and earlier: All versions; V7.0 SP3 and earlier: All versions; V7.2: All versions prior to V7.2 Update 9; and V7.3: All versions prior to V7.3 Update 2.
- SIMANTIC PCS7: V7.1 SP4 and earlier: All versions; V8.0: All versions prior to V8.0 SP2 with WinCC V7.2 Update 9; and V8.1: All versions with WinCC V7.3 prior to V8.1 Update 2.
- TIA Portal V13 (including WinCC Professional Runtime): All versions prior to V13 Update 6.