Home
Version Information
Release Notes, Update information, Certifications and Frequently Asked Questions.
Frequently Asked Questions
A collection of common customer questions
Security

Version Information
Release Notes, Update information, Certifications and Frequently Asked Questions.
- What is WinCC OA?
- Release Notes Version 3.20
  All the new features and changes in WinCC OA V3.20.
- Update Release Notes
- Notes for Upgrading a WinCC OA Project
  Important steps and information to consider when upgrading an existing WinCC OA project to the latest version.
- WinCC OA Version Incompatibilities
  A list of all incompatibilities that needed to be introduced between different versions of WinCC OA.
- Product Certifications
  An overview of WinCC OA's certified standards
- Frequently Asked Questions
  A collection of common customer questions
Concepts
Your first step into modern and powerful process visualization.
Deployment
Topics, you need to know, before using WinCC OA.
Security
Go beyond the norm in cybersecurity.
Engineering
Powerful tools for easy or complex engineering tasks.
Data Management
Classify, structure and archive your data.
Business Logic / Control
Endless possibilities in data processing for your projects.
Data Visualization
User interfaces, Trends and Reports for every purpose and device.
Southbound Interfaces
The process connection to the actual machines/sensors.
Northbound Interfaces
Your portal to the cloud or supervising systems.
Web Connectivity / Network Interfaces
Data exchange, APIs and web technologies
User Management
All about authorization, authentication and login-customization.
Availability
How to get your system uptime to the maximum.
Reporting
Create state of the art project reports without limits.
Addons
Useful tools and enhancements for special demands.
Reference Tables
Detailed and extensive content for special project adaptation.
Videos & Tutorials
Explore the capabilities of WinCC OA with our carefully selected collection of video tutorials and guides.
WinCC OA Documentation
Basic information about terms and functions within the documentation.
Disclaimer
A brief clarification of liability exclusions or legal notices.

Security

Is WinCC OA affected by the “shellshock” vulnerability?

This vulnerability is also called bash bug / bash door in combination with unix bash (Linux/Solaris).

The “Shellshock” vulnerability arises from the fact that a user can create environment variables with specially crafted values before calling the bash shell. These variables can contain code that is executed once the shell is called, which poses a potential security issue.

An overall description of this vulnerability can be viewed here: http://en.wikipedia.org/wiki/Shellshock_(software_bug)

Since WinCC OA does NOT contain any services/managers that get environment variables from a remote machine, setting the content and starting subprocesses with a bash is not affected by this vulnerability..

Official information/references of Siemens industry can viewed here:

Industrial-Security

http://www.industry.siemens.com/topics/global/en/industrial-security/news-alerts/Pages/alerts.aspx

Product-Cert

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-860967.pdf