Siemens Fixes SIPROTEC DoS Vulnerability

Wednesday, July 22, 2015 @ 12:07 PM gHale

Siemens created new firmware to fix a denial-of-service (DoS) vulnerability in the SIPROTEC 4 and SIPROTEC Compact devices, according to a report on ICS-CERT.

This remotely exploitable vulnerability came directly to Siemens by Victor Nikitin from i Grids LLC Russia.

Sm@rtClient Android Vulnerability Fixed
RuggedCom ROS Fixes POODLE
Mitigation Plan for Infusion System Hole
Eaton Fixes Power System Hole

The vulnerability affects the following versions:
• SIPROTEC 4 and SIPROTEC Compact product families
• All devices that include the EN100 Ethernet module version V4.24 or prior.

An attacker could remotely cause a denial of service by exploiting this vulnerability.

The affected products, SIPROTEC 4 and SIPROTEC Compact devices, provide a wide range of integrated protection, control, measurement, and automation functions for electrical substations and other fields of application. The EN100 module enables IEC 61850 communications with electrical/optical 100 Mbit interface for SIPROTEC 4 and SIPROTEC Compact devices. According to Siemens, SIPROTEC devices see action across several sectors globally including energy.

Specially crafted packets sent to Port 50000/UDP could cause a denial of service of the affected device. A manual reboot would have to occur to return the device to service.

CVE-2015-5374 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 7.8.

No known public exploits specifically target this vulnerability. An attacker with a low skill would be able to exploit this vulnerability.

Siemens has provided firmware update V4.25 for the EN100 module to fix the vulnerability. Click here for the firmware update for SIPROTEC 4.

Click here for the firmware update for SIPROTEC Compact.

For more information on this vulnerability and more detailed mitigation instructions, see Siemens Security Advisory SSA-732541.