This advisory treats seven different vulnerabilities that have been found in the software running on SIMATIC HMIs that are engineered with WinCC (TIA Portal) V11, partially impacting confidentiality, integrity and availability of the system. The vulnerabilities affect the web server of engineered HMIs and their internal password management. Possible attacks require either physical access to the HMI or an authenticated user, so an attacker must either have valid user credentials or must use social engineering on a legitimate user. When the vulnerabilities are exploited they allow password retrieval, web session hijacking, source code retrieval, display of false data and Denial-of-Service.
fcef520cab212f67c15a79e30fbeafb976f24f11b4ac5b85915fb347e72d7116