Siemens Fixes Information Disclosure Holes

Friday, May 20, 2016 @ 05:05 PM gHale


Siemens created a firmware update to mitigate information disclosure vulnerabilities in SIPROTEC 4 and SIPROTEC Compact, according to a report on ICS-CERT.

These remotely exploitable vulnerabilities were reported directly to Siemens by Aleksandr Bersenev from the HackerDom team and Pavel Toporkov from Kaspersky Lab.

The vulnerabilities affect the following products:
• EN100 Ethernet module included in SIPROTEC 4 and SIPROTEC Compact: EN100 version V4.26 or lower
• Ethernet Service Interface on Port A of SIPROTEC Compact models 7SJ80, 7SK80, 7SD80, 7RW80, 7SJ81, 7SK81: All firmware versions

Exploits of these vulnerabilities could allow an attacker with network access to obtain sensitive device information.

Siemens is a multinational company headquartered in Munich, Germany.

The affected products, SIPROTEC 4 and SIPROTEC Compact devices, provide a wide range of integrated protection, control, measurement, and automation functions for electrical substations and other fields of application. The EN100 module sees use for enabling IEC 61850 communications with electrical/optical 100 Mbit interface for SIPROTEC 4 and SIPROTEC Compact devices. SIPROTEC devices see action across several sectors including energy. Siemens estimates that these products see use on a worldwide basis.

The integrated web server (Port 80/TCP) of the affected devices could allow a remote attacker who has obtained network access to read sensitive device information.

CVE-2016-4784 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.

The integrated web server (Port 80/TCP) of the affected devices could allow a remote attacker who has obtained network access to read a limited amount of device memory content. This vulnerability affects only the EN100 Ethernet module included in SIPROTEC 4 and SIPROTEC Compact devices.

CVE-2016-4785 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.

No known public exploits specifically target these vulnerabilities. An attacker with a low skill level and network access would be able to exploit them.

Siemens provides firmware update V4.27 for the EN100 module included in SIPROTEC 4 and SIPROTEC Compact to fix these vulnerabilities.

The firmware updates are at the following locations on the Siemens web site:
• SIPROTEC 4
• SIPROTEC Compact

An attacker must have network access to the affected devices. For the remaining affected products, Siemens recommends protecting network access with appropriate mechanisms (e.g., firewalls, segmentation, VPN). Users should configure the environment according to Siemens operational guidelines in order to run the devices in a protected IT environment. Siemens provides guidance at the following location for operating the devices only within trusted networks.
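The affected-product list above and the two remediation paths (the EN100 V4.27 update, or network restriction where no update is listed) translate directly into an asset-inventory check. The following script is an added example, not Siemens code or part of the advisory: it takes a constructed inventory of relay records, decides per device whether it falls inside the advisory's scope, and states which remediation applies. The `Device` fields, the hypothetical device names, and the `port_a_ethernet` flag (assumed to mean that the relay's Port A is the Ethernet Service Interface variant) are assumptions of this example.

```python
"""Inventory check against the SIPROTEC advisory (CVE-2016-4784, CVE-2016-4785).

Added example: decides for each inventoried relay whether it is in scope and
which remediation the advisory offers. All device records are constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Facts taken from the advisory text
EN100_FIXED_VERSION: Tuple[int, int] = (4, 27)   # V4.27 fixes; V4.26 or lower is affected
COMPACT_PORT_A_MODELS = {"7SJ80", "7SK80", "7SD80", "7RW80", "7SJ81", "7SK81"}

_VERSION_RE = re.compile(r"^V?(\d+)\.(\d+)$")


def parse_version(text: str) -> Tuple[int, int]:
    """Parse a Siemens-style version string such as 'V4.26' into (4, 26)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2))


@dataclass(frozen=True)
class Device:
    name: str                    # hypothetical inventory label
    model: str                   # relay type, e.g. "7SJ80" (Compact) or "7SJ62" (SIPROTEC 4)
    en100_version: Optional[str] # firmware of the fitted EN100 module, None if none fitted
    port_a_ethernet: bool        # assumed flag: Port A is the Ethernet Service Interface


def assess(dev: Device) -> List[str]:
    """Return the findings for one device; an empty list means not in scope."""
    findings: List[str] = []
    if dev.en100_version is not None and parse_version(dev.en100_version) < EN100_FIXED_VERSION:
        findings.append(
            f"EN100 {dev.en100_version}: CVE-2016-4784 and CVE-2016-4785, update to V4.27"
        )
    if dev.model in COMPACT_PORT_A_MODELS and dev.port_a_ethernet:
        findings.append(
            "Port A Ethernet Service Interface (all firmware): CVE-2016-4784, "
            "no firmware fix listed; restrict network access to port 80/TCP"
        )
    return findings


def scan(inventory: List[Device]) -> Dict[str, List[str]]:
    """Map each device name to its findings; devices with no findings are omitted."""
    return {d.name: f for d in inventory if (f := assess(d))}


# Constructed sample inventory (names and versions are invented for the example)
SAMPLE_INVENTORY = [
    Device("bay-01-7SJ62", "7SJ62", "V4.26", False),  # SIPROTEC 4 with old EN100
    Device("bay-02-7SJ62", "7SJ62", "V4.27", False),  # already updated
    Device("bay-03-7SJ80", "7SJ80", "V4.20", True),   # Compact, both issues
    Device("bay-04-7SK80", "7SK80", None, True),      # Compact, Port A only
    Device("bay-05-7SD80", "7SD80", None, False),     # Compact, Port A not Ethernet
]

if __name__ == "__main__":
    for name, findings in scan(SAMPLE_INVENTORY).items():
        for line in findings:
            print(f"{name}: {line}")
```

The version comparison is done on integer tuples rather than strings so that, for example, "V4.9" sorts below "V4.26"; records that carry no EN100 module skip the firmware check entirely and are judged on the Port A rule alone.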

For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-547990.