Siemens Mitigates Vulnerabilities

Thursday, March 8, 2018 @ 03:03 PM gHale

Siemens has released updates to mitigate a missing authentication for critical function vulnerability and an inadequate encryption strength vulnerability in its SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet module products, according to a report with ICS-CERT.

Successful exploitation of these remotely exploitable vulnerabilities, discovered by Ilya Karpov and Dmitry Sklyarov from Positive Technologies, could allow an attacker to upload a modified device configuration that could overwrite access authorization passwords, or allow an attacker to capture certain network traffic that could contain authorization passwords.

The vulnerabilities affect the following products:
• DIGSI 4: All versions prior to V4.92
• EN100 Ethernet module IEC 61850 variant: All versions prior to V4.30
• EN100 Ethernet module PROFINET IO variant: All versions
• EN100 Ethernet module Modbus TCP variant: All versions
• EN100 Ethernet module DNP3 variant: All versions
• EN100 Ethernet module IEC 104 variant: All versions
• SIPROTEC 4 7SJ66: All versions prior to V4.30. Only affected by CVE-2018-4839
• SIPROTEC Compact 7SJ80: All versions prior to V4.77. Only affected by CVE-2018-4839
• SIPROTEC Compact 7SK80: All versions prior to V4.77. Only affected by CVE-2018-4839
• Other SIPROTEC Compact relays: All versions. Only affected by CVE-2018-4839
• Other SIPROTEC 4 relays: All versions. Only affected by CVE-2018-4839

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill level could leverage the vulnerabilities.

Successful exploitation of the first vulnerability could allow an attacker to upload a modified device configuration, overwriting access authorization passwords.

CVE-2018-4840 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.5.

Successful exploitation of the second vulnerability could allow an attacker with local access to the engineering system, or in a privileged network position, to capture certain network traffic and possibly reconstruct access authorization passwords.

CVE-2018-4839 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 4.0.

The products see use mainly in the energy sector, on a global basis.

Siemens has provided the following updates for mitigations:
• DIGSI 4: Update to V4.92
• EN100 Ethernet module IEC 61850 variant: Update to V4.30
• SIPROTEC 4 7SJ66: Update to V4.30
• SIPROTEC Compact 7SJ80: Update to V4.77
• SIPROTEC Compact 7SK80: Update to V4.77

For all other affected products, Siemens has identified workarounds and mitigations users can apply to reduce risk. As a general security measure, Siemens strongly recommends protecting network access with appropriate mechanisms (e.g., firewalls, segmentation, VPN). Users are advised to configure the environment according to Siemens' operational guidelines in order to run the devices in a protected IT environment.
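As an added example (not part of the ICS-CERT report or of Siemens' own tooling), the following Python triages an asset inventory against the affected-product and update lists above: the product names, fixed versions and CVE restrictions are transcribed from this page, while the inventory lines, the "Other ... relays" fallback for unlisted SIPROTEC models and the version-parsing rule are assumptions.

```python
# Affected-product table transcribed from the advisory text above. fixed = first
# non-vulnerable version (None: all versions affected, no fix listed); only_cve =
# the CVE restriction exactly as the advisory states it (None: no restriction stated).
ADVISORY = {
    "DIGSI 4":                                   ("V4.92", None),
    "EN100 Ethernet module IEC 61850 variant":   ("V4.30", None),
    "EN100 Ethernet module PROFINET IO variant": (None, None),
    "EN100 Ethernet module Modbus TCP variant":  (None, None),
    "EN100 Ethernet module DNP3 variant":        (None, None),
    "EN100 Ethernet module IEC 104 variant":     (None, None),
    "SIPROTEC 4 7SJ66":                          ("V4.30", "CVE-2018-4839"),
    "SIPROTEC Compact 7SJ80":                    ("V4.77", "CVE-2018-4839"),
    "SIPROTEC Compact 7SK80":                    ("V4.77", "CVE-2018-4839"),
    "Other SIPROTEC Compact relays":             (None, "CVE-2018-4839"),
    "Other SIPROTEC 4 relays":                   (None, "CVE-2018-4839"),
}

def parse_version(text):
    """'V4.77' -> (4, 77); tuple comparison orders V4.30 < V4.77 < V4.92 correctly."""
    return tuple(int(p) for p in text.strip().lstrip("Vv").split("."))

def lookup(product):
    """Exact advisory row, else the 'Other ...' row for an unlisted SIPROTEC model (assumption)."""
    if product in ADVISORY:
        return ADVISORY[product]
    for family in ("SIPROTEC Compact", "SIPROTEC 4"):
        if product.startswith(family):
            return ADVISORY[f"Other {family} relays"]
    return None

def assess(product, version):
    """Return (affected, action) for one device; 'action' is the advisory's remedy."""
    row = lookup(product)
    if row is None:
        return False, "not listed in SSA-203306"
    fixed, only_cve = row
    scope = f"exposed to {only_cve} only" if only_cve else "no CVE restriction stated"
    if fixed is None:
        return True, f"{scope}; no fixed version, restrict network access"
    if parse_version(version) >= parse_version(fixed):
        return False, f"at or above {fixed}"
    return True, f"{scope}; update to {fixed}"

# Constructed inventory (hostname, product, firmware) used only for this demonstration.
INVENTORY = """relay-01, SIPROTEC Compact 7SJ80, V4.70
relay-02, SIPROTEC Compact 7SJ80, V4.77
relay-03, SIPROTEC Compact 7SD80, V4.10
en100-04, EN100 Ethernet module DNP3 variant, V4.31
eng-ws-1, DIGSI 4, V4.91"""

def triage(inventory_text):
    """Return [(host, affected, action)] for each 'host, product, version' line."""
    return [(h.strip(),) + assess(p.strip(), v.strip())
            for h, p, v in (line.split(",") for line in inventory_text.splitlines())]
```

Run `triage(INVENTORY)` to get one row per device; a product that is neither listed nor a SIPROTEC model comes back as not affected, so extend ADVISORY rather than trusting that result for other Siemens products.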

Siemens also provides recommended security guidelines for Secure Substations and Defense in Depth.

For further inquiries on vulnerabilities in Siemens products and solutions, contact the Siemens ProductCERT.

For more information on these vulnerabilities and associated software updates, see Siemens security notification SSA-203306.
