This updated advisory is a follow-up to the advisory update titled ICSA-16-208-01B Siemens SIMATIC WinCC, PCS 7, and WinCC Runtime Professional Vulnerabilities that was published October 4, 2016, on the NCCIC/ICS-CERT web site.

Siemens has identified two vulnerabilities in SIMATIC WinCC, PCS 7, and WinCC Runtime Professional. Sergey Temnikov and Vladimir Dashchenko from Kaspersky Lab reported these issues directly to Siemens. Siemens has produced updates to mitigate these vulnerabilities.

Siemens Simatic WinCC V70 SP3 Update 1 Update 2 Update Only

I am just confused why SP3 is normally working without some visible problems, but after install update 1, everything stop work. I cannot open or create project. And doesn't matter if computer is connected to internet or not.

Siemens has addressed this vulnerability in SIMATIC WinCC V7.0 SP2 Update 1 (V 7.0.2.1) and newer. The latest software update, V7.0 SP3 Update 2, is provided at the Siemens product update page.e Siemens recommends that SIMATIC PCS 7 users should apply this update. The updated version removes the default credentials and switches authentication mechanisms to Windows protocols. Siemens strongly encourages installing the software updates as soon as possible. For further information please review Siemens Security Advisory (SSA-027884), which can be found at the Siemens ProductCERT website. 2ff7e9595c