Siemens Mitigates Missing Authentication Hole

Thursday, March 8, 2018 @ 03:03 PM gHale

Siemens has an update plan to fix a missing authentication for critical function vulnerability in its SIPROTEC 4, SIPROTEC Compact, and Reyrolle devices using the EN100 Ethernet communication module extension, according to a report with ICS-CERT.

Successful exploitation of this remotely exploitable vulnerability, discovered by Ilya Karpov and Alexey Stennikov from Positive Technologies, could allow an attacker to either upgrade or downgrade the firmware of the device, including downgrading to older versions with known vulnerabilities.

Siemens said the vulnerability affects the following EN100 Ethernet module products:
• EN100 Ethernet module IEC 61850 variant: All versions prior to V4.30
• EN100 Ethernet module PROFINET IO variant: All versions
• EN100 Ethernet module Modbus TCP variant: All versions
• EN100 Ethernet module DNP3 variant: All versions
• EN100 Ethernet module IEC 104 variant: All versions

No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.

CVE-2018-4838 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

The product is deployed mainly in the energy sector, on a global basis.

For the EN100 Ethernet module IEC 61850 variant (all versions prior to V4.30), Siemens recommends users update to V4.30.

For all other affected products, Siemens has identified the following specific workarounds and mitigations that users can apply to reduce the risk. As a general security measure, Siemens strongly recommends protecting network access with appropriate mechanisms (e.g., firewalls, segmentation, VPN). It is advised to configure the environment according to Siemens’ operational guidelines in order to run the devices in a protected IT environment.

Siemens also recommends following its security guidelines for Secure Substations and Defense-in-Depth.

For further inquiries on vulnerabilities in Siemens products and solutions, contact the Siemens ProductCERT.

For more information on this vulnerability and associated software updates, see Siemens security notification SSA-845879.