
ICS-CERT: BlackEnergy may be infecting WinCC systems lacking recent patch

BlackEnergy malware that has been observed compromising systems may be exploiting a vulnerability in Siemens SIMATIC WinCC software that was patched in early November, according to an updated alert issued by ICS-CERT.

The group had originally published an alert in October after a variant of BlackEnergy compromised industrial control system environments and targeted Siemens WinCC as well as Advantech/Broadwin WebAccess and GE Cimplicity. 

The following month Siemens issued a patch.

While ICS-CERT “lacks definitive information” regarding how BlackEnergy is infecting WinCC systems, the group said there are “indications that one of the vulnerabilities fixed with the latest update for SIMATIC WinCC may have been exploited by the Black Energy malware.” To prevent future attacks, ICS-CERT urged WinCC, PCS7 and TIA Portal users to “update their software to the most recent version as soon as possible.”
