Siemens Updates SIPROTEC 4, SIPROTEC

Wednesday, September 7, 2016 @ 01:09 PM gHale


Siemens released a firmware update for SIPROTEC 4 and SIPROTEC Compact devices to mitigate authentication bypass and resource exhaustion vulnerabilities, according to a report on ICS-CERT.

Kirill Nesterov and Anatoly Katushin from Kaspersky Lab reported some of these remotely exploitable vulnerabilities directly to Siemens.

These vulnerabilities affect the EN100 Ethernet module (optional for SIPROTEC 4 and SIPROTEC Compact), all versions prior to V4.29.

An attacker may be able to access the administrative web application by exploiting these vulnerabilities.

Siemens is a multinational company headquartered in Munich, Germany.

The affected products, SIPROTEC 4 and SIPROTEC Compact devices, provide a wide range of integrated protection, control, measurement, and automation functions for electrical substations and other fields of application. The EN100 module enables IEC 61850 communications over an electrical/optical 100 Mbit interface for SIPROTEC 4 and SIPROTEC Compact devices. SIPROTEC devices are used across several sectors, including energy. Siemens estimates these products are used on a global basis.

Attackers with network access to the device’s web interface (Port 80/TCP) could possibly circumvent authentication and perform administrative operations.

CVE-2016-7112 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.

In addition, specially crafted packets sent to Port 80/TCP could cause the affected device to go into defect mode.

CVE-2016-7113 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.

Also, attackers with network access to the device’s web interface (Port 80/TCP) could possibly circumvent authentication and perform administrative operations. A legitimate user must be logged into the web interface for the attack to be successful.

CVE-2016-7114 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 4.3.

No known public exploits specifically target these vulnerabilities. An attacker with low skill would be able to exploit these vulnerabilities.

Siemens provides firmware update V4.29 for EN100 modules included in SIPROTEC 4 and SIPROTEC Compact devices to fix the vulnerabilities. Siemens recommends users update to the latest firmware version.

Separate firmware updates are available for SIPROTEC 4 and for SIPROTEC Compact with EN100 module.

For more information on these vulnerabilities and more detailed mitigation instructions, see Siemens Security Advisory SSA-630413.