Siemens Fixes SWT3000 Firmware

Thursday, November 30, 2017 @ 04:11 PM gHale


Siemens updated firmware to mitigate multiple vulnerabilities in its SWT3000, according to an ICS-CERT report.

The remotely exploitable vulnerabilities, which Siemens discovered and then reported to ICS-CERT, are improper authentication, authentication bypass and improper input validation.

Siemens said the vulnerabilities affect the following SWT 3000 Teleprotection system products:
• EN100 for SWT3000 (iSWT3000):
— IEC 61850 firmware: All versions prior to V4.29.01
— TPOP firmware: All versions prior to V01.01.00

Successful exploitation of these vulnerabilities under certain conditions may allow attackers to perform a denial-of-service attack.

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level could leverage the vulnerabilities.

In the improper authentication vulnerability, the integrated web server (Port 80/TCP) of the affected devices could allow remote attackers to obtain sensitive device information if network access was obtained. SWT3000 with TPOP is not affected by this vulnerability.

CVE-2016-4784 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.

In addition, the integrated web server (Port 80/TCP) of the affected devices could allow remote attackers to obtain a limited amount of device memory content if network access was obtained. SWT3000 with TPOP is not affected by this vulnerability.

CVE-2016-4785 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.

Also, in the authentication bypass using an alternate path or channel vulnerability, attackers with network access to the device’s web interface (Port 80/TCP) could possibly circumvent authentication and perform certain administrative operations.

CVE-2016-7112 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.

In addition, specially crafted packets sent to Port 80/TCP could cause the affected EN100 module of the SWT3000 to go into defect mode.

CVE-2016-7113 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.

Also, attackers with network access to the device’s web interface (Port 80/TCP) could possibly circumvent authentication and perform certain administrative operations. A legitimate user must be logged into the web interface for the attack to be successful.

CVE-2016-7114 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 4.3.

The product sees use mainly in the energy sector and on a global basis.

Siemens has provided updated firmware that fixes the vulnerabilities for the following affected products and recommends users update to the newest version:
• SWT3000:
— IEC61850 firmware: Update to V4.29.01
— TPOP firmware: Update to V01.01.00

To obtain the firmware, email the Customer Support Center.

Siemens recommends users protect network access with appropriate mechanisms. Siemens also advises that users configure the operational environment according to Siemens’ Operational Guidelines for Industrial Security.

Not all of the devices above are affected by all vulnerabilities. For more information on these vulnerabilities and more detailed mitigation instructions, see Siemens Security Advisory SSA-350846.
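
As an added illustration (not code from Siemens, ICS-CERT or this article), the Python sketch below checks an asset inventory against the fixed firmware versions listed above and returns the CVEs to review for each unpatched unit. The inventory field names and sample assets are assumptions, and the CVE list per device is a candidate list to confirm against SSA-350846.

```python
import re

# Fixed versions and CVE ids are taken from the article text.
FIXED = {"IEC61850": (4, 29, 1), "TPOP": (1, 1, 0)}
CVES = ["CVE-2016-4784", "CVE-2016-4785", "CVE-2016-7112",
        "CVE-2016-7113", "CVE-2016-7114"]
# The article states SWT3000 with TPOP is not affected by these two.
NOT_TPOP = {"CVE-2016-4784", "CVE-2016-4785"}


def parse_version(text):
    """Turn 'V4.29.01' or '01.01.00' into a comparable tuple of ints."""
    m = re.fullmatch(r"\s*[Vv]?(\d+)\.(\d+)\.(\d+)\s*", text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def triage(record):
    """Return (status, candidate_cves) for one inventory record."""
    # Accept 'IEC 61850', 'iec61850', 'IEC-61850', 'tpop', ...
    fw = re.sub(r"[\s_-]", "", record.get("firmware") or "").upper()
    version = parse_version(record.get("version"))
    if fw not in FIXED or version is None:
        # Never report an unreadable entry as patched.
        return "unknown", []
    if version >= FIXED[fw]:
        return "fixed", []
    cves = [c for c in CVES if not (fw == "TPOP" and c in NOT_TPOP)]
    return "needs-update", cves


# Constructed sample inventory (asset names and versions are made up).
INVENTORY = [
    {"asset": "sub-a-swt1", "firmware": "IEC 61850", "version": "V4.28.09"},
    {"asset": "sub-a-swt2", "firmware": "IEC61850", "version": "V4.29.01"},
    {"asset": "sub-b-swt1", "firmware": "TPOP", "version": "V01.00.05"},
    {"asset": "sub-b-swt2", "firmware": "TPOP", "version": "unknown"},
]

if __name__ == "__main__":
    for rec in INVENTORY:
        status, cves = triage(rec)
        print(f"{rec['asset']:<12} {status:<13} {', '.join(cves)}")
```

Entries with an unrecognised firmware type or an unparseable version come back as "unknown" so they are followed up manually instead of being counted as patched.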


