SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-597333255] Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle Devices using the EN100 Ethernet Communication Module Extension

Date: 2018-03-08
Type: Other
Platform: Siemens
Author: Ilya Karpov and Alexey Stennikov from Positive Technologies reported this vulnerability to Siemens.
EDB-ID: N/A
CVE-ID: CVE-2018-4838
OSVDB-ID: N/A
Download App: N/A
SIS Signature: N/A

Source

#
# Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle Devices using the EN100 Ethernet Communication Module Extension
#


### VULNERABLE VENDOR
Siemens


### VULNERABLE PRODUCT
SIPROTEC 4, SIPROTEC Compact, and Reyrolle devices using the EN100 Ethernet communication module extension 


### RESEARCHER
Ilya Karpov and Alexey Stennikov from Positive Technologies reported this vulnerability to Siemens.


### AFFECTED PRODUCTS
Siemens reports that the vulnerability affects the following EN100 Ethernet module products:

EN100 Ethernet module IEC 61850 variant: All versions prior to V4.30,
EN100 Ethernet module PROFINET IO variant: All versions,
EN100 Ethernet module Modbus TCP variant: All versions,
EN100 Ethernet module DNP3 variant: All versions, and
EN100 Ethernet module IEC 104 variant: All versions


### IMPACT
Successful exploitation of this vulnerability could allow an attacker to either upgrade or downgrade the firmware of the device, including downgrading to older versions with known vulnerabilities.


### VULNERABILITY OVERVIEW
MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306
Successful exploitation of this vulnerability could allow an attacker to either upgrade or downgrade the firmware of the device, including downgrading to older versions with known vulnerabilities.
CVE-2018-4838 has been assigned to this vulnerability.
A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).





### BACKGROUND
Critical Infrastructure Sectors: Energy
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Germany




### MITIGATION

For EN100 Ethernet module IEC 61850 variant (All versions prior to V4.30), Siemens recommends users update to V4.30, which can be located here:

https://support.industry.siemens.com/cs/us/en/view/109745821


For all other affected products, Siemens has identified the following specific workarounds and mitigations that users can apply to reduce the risk. As a general security measure, Siemens strongly recommends protecting network access with appropriate mechanisms (e.g., firewalls, segmentation, VPN). Siemens advises configuring the environment according to Siemens' operational guidelines in order to run the devices in a protected IT environment.

Recommended security guidelines for secure substations and defense-in-depth can be found at:

https://www.siemens.com/gridsecurity
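
The following is an added example, not part of the advisory and not Siemens tooling: it triages an asset inventory against the affected-products list and the mitigation split above (update to V4.30 for the IEC 61850 variant, network-level protection for the others). The device names, firmware strings, variant labels and status strings are constructed assumptions.

```python
import re

# Affected EN100 variants as listed in this advisory. A tuple is the fixed
# version named on this page; None means "all versions" with no fix listed here.
FIXED_IN = {
    "IEC 61850": (4, 30),
    "PROFINET IO": None,
    "Modbus TCP": None,
    "DNP3": None,
    "IEC 104": None,
}

def parse_version(text):
    """Turn 'V4.30' or 'v4.29.01' into a tuple of ints; None if unparseable."""
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+)*)\s*", text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def triage(variant, firmware):
    """Classify one EN100 module (status strings are this example's own)."""
    if variant not in FIXED_IN:
        return "not-listed"
    fixed = FIXED_IN[variant]
    if fixed is None:
        return "affected-mitigate"      # restrict network access per the guidance
    have = parse_version(firmware)
    if have is None:
        return "unknown-verify"         # never assume an unreadable version is safe
    # Assumption: components compare numerically, so V4.3 sorts below V4.30.
    return "affected-update" if have < fixed else "fixed"

# Constructed inventory rows: (device name, EN100 variant, reported firmware).
INVENTORY = [
    ("feeder-relay-01", "IEC 61850", "V4.29"),
    ("feeder-relay-02", "IEC 61850", "V4.30"),
    ("bay-ctrl-07", "DNP3", "V1.04"),
    ("xfmr-prot-03", "IEC 61850", "unknown"),
]

def report(inventory):
    """Map each device name to its triage status."""
    return {name: triage(variant, fw) for name, variant, fw in inventory}

if __name__ == "__main__":
    for name, status in report(INVENTORY).items():
        print(f"{name}: {status}")
```
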


For further inquiries on vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT:

https://www.siemens.com/cert/advisories


For more information on this vulnerability and associated software updates, please see Siemens security notification SSA-845879 on their website:

https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf