A number of the victims associated with this campaign were running the Advantech/BroadWin WebAccess software

Dec 11, 2014 21:56 GMT

The operators behind the BlackEnergy cyber-espionage campaign are believed to have exploited a vulnerability fixed in the latest version of the SIMATIC WinCC software from Siemens, which is used in industrial control systems (ICS).

The information comes from ICS-CERT (Industrial Control Systems Cyber Emergency Response Team), which updated an older alert, from October 29, about an advanced persistent threat group targeting HMI (human–machine interface) software from different vendors, including Siemens WinCC.

ICS-CERT did not release many details about the threat or the actor behind it, but it says that the compromise was possible because of the vulnerability recently patched in WinCC.

The products affected by the flaw are SIMATIC WinCC, SIMATIC PCS7, and TIA Portal V13 (WinCC Professional Runtime included). The risk was remote execution of arbitrary code, without authentication.

“While ICS-CERT lacks definitive information on how WinCC systems are being compromised by BlackEnergy, there are indications that one of the vulnerabilities fixed with the latest update for SIMATIC WinCC may have been exploited by the BlackEnergy malware,” reads the latest ICS-CERT advisory on the matter.

BlackEnergy was designed for cyber-espionage activities, and according to Kaspersky's profile of the threat, it focuses on industrial control systems (ICS).