PT-2023-3622 · Siemens+1 · Simatic Wincc+6
Published: 2023-06-13 · Updated: 2023-07-05
CVE-2023-28829
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SIMATIC NET PC Software versions V14 through V15
SIMATIC PCS 7 versions V8.2 through V9.1
SIMATIC WinCC versions prior to V8.0
SINAUT Software ST7sc (affected versions not specified)
Description
The issue is related to the use of outdated functions in the software. It may allow a remote attacker to gain unauthorized access to encrypted data. The affected software used legacy OPC services by default, which were designed using Windows ActiveX and DCOM mechanisms and lack modern security mechanisms for authentication and encryption.
Recommendations
For SIMATIC NET PC Software versions V14 and V15, update the software to a version that implements state-of-the-art security mechanisms.
For SIMATIC PCS 7 versions V8.2 through V9.1, consider disabling the legacy OPC services until a patch is available.
For SIMATIC WinCC versions prior to V8.0, restrict access to the legacy OPC services to minimize the risk of exploitation.
For SINAUT Software ST7sc, there is currently no information about a newer version that contains a fix for this vulnerability.
Affected Products
ActiveX
DCOM
SIMATIC NET PC
SIMATIC PCS 7
SIMATIC WinCC
SINAUT Software ST7sc
Windows