BlackEnergy malware that has been observed compromising systems may be exploiting a vulnerability in Siemens SIMATIC WinCC software that was patched in early November, according to an updated alert issued by ICS-CERT.

The group had originally published an alert in October after a variant of BlackEnergy compromised industrial control system environments and targeted Siemens WinCC as well as Advantech/Broadwin WebAccess and GE Cimplicity. 

The following month Siemens issued a patch.

While ICS-CERT “lacks definitive information” regarding how BlackEnergy is infecting WinCC systems, the group said there are “indications that one of the vulnerabilities fixed with the latest update for SIMATIC WinCC may have been exploited by the Black Energy malware." To prevent future attacks, ICS-CERT urged WinCC, PCS7 and TIA Portal users to “update their software to the most recent version as soon as possible."