SCADA Vulnerabilities & Exposures (SVE)

CRITIFENCE® SCADA Vulnerabilities and Exposures Database (SVE)

[SVE-956636036] Siemens SIPROTEC Information Disclosure Vulnerabilities

| Date | Type | Platform | Author | EDB-ID | CVE-ID | OSVDB-ID | Download | App | SIS Signature |
|---|---|---|---|---|---|---|---|---|---|
| 2016-05-19 | OTHER | Siemens SIPROTEC | Aleksandr Bersenev, Pavel Toporkov | N/A | 2016-4784, 2016-4785 | N/A | N/A | N/A | |

Source

#
# Siemens SIPROTEC Information Disclosure Vulnerabilities
#


### OVERVIEW

Siemens has identified information disclosure vulnerabilities in SIPROTEC 4 and SIPROTEC Compact. These vulnerabilities were reported directly to Siemens by Aleksandr Bersenev from HackerDom team and Pavel Toporkov from Kaspersky Lab. Siemens has produced a firmware update to mitigate these vulnerabilities.

These vulnerabilities could be exploited remotely.




### AFFECTED PRODUCTS

Siemens reports that the vulnerabilities affect the following products:

EN100 Ethernet module included in SIPROTEC 4 and SIPROTEC Compact: EN100 version V4.26 or lower, and
Ethernet Service Interface on Port A of SIPROTEC Compact models 7SJ80, 7SK80, 7SD80, 7RW80, 7SJ81, 7SK81: All firmware versions.




### IMPACT

Exploits of these vulnerabilities could allow an attacker with network access to obtain sensitive device information.

Impact to individual organizations depends on many factors that are unique to each organization. NCCIC/ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation.




### BACKGROUND

Siemens is a multinational company headquartered in Munich, Germany.

The affected products, SIPROTEC 4 and SIPROTEC Compact devices, provide a wide range of integrated protection, control, measurement, and automation functions for electrical substations and other fields of application. The EN100 module is used for enabling IEC 61850 communications with electrical/optical 100 Mbit interface for SIPROTEC 4 and SIPROTEC Compact devices. According to Siemens, SIPROTEC devices are deployed across several sectors including Energy. Siemens estimates that these products are used worldwide.




### VULNERABILITY CHARACTERIZATION

# VULNERABILITY OVERVIEW


INFORMATION EXPOSURE

The integrated web server (Port 80/TCP) of the affected devices could allow remote attackers to obtain sensitive device information if network access was obtained.
CVE-2016-4784 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).


INFORMATION EXPOSURE

The integrated web server (Port 80/TCP) of the affected devices could allow remote attackers to obtain a limited amount of device memory content if network access was obtained. This vulnerability only affects EN100 Ethernet module included in SIPROTEC 4 and SIPROTEC Compact devices.
CVE-2016-4785 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).




### VULNERABILITY DETAILS


# EXPLOITABILITY

These vulnerabilities could be exploited remotely.


# EXISTENCE OF EXPLOIT

No known public exploits specifically target these vulnerabilities.


# DIFFICULTY

An attacker with a low skill level and network access would be able to exploit these vulnerabilities.




### MITIGATION

Siemens provides firmware update V4.27 for the EN100 module included in SIPROTEC 4 and SIPROTEC Compact to fix these vulnerabilities. The firmware updates can be found at the following locations on the Siemens web site:

http://www.siemens.com/downloads/siprotec-4
http://www.siemens.com/downloads/siprotec-compact
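The following triage helper, added here as an example and not part of this advisory or Siemens' tooling, applies the affected-products and mitigation rules above to an asset inventory: EN100 modules below V4.27 are flagged for both CVEs, and the listed SIPROTEC Compact models with the Port A Ethernet Service Interface are flagged for CVE-2016-4784 at any firmware version. The inventory records and their version strings are constructed sample data.

```python
import re
from dataclasses import dataclass

# Rules taken from the advisory text: EN100 V4.26 or lower is affected and
# V4.27 is the fix; these SIPROTEC Compact models are affected on Port A at
# all firmware versions (no firmware fix is listed for them).
EN100_FIXED_VERSION = (4, 27)
PORT_A_AFFECTED_MODELS = {"7SJ80", "7SK80", "7SD80", "7RW80", "7SJ81", "7SK81"}


@dataclass
class Device:
    name: str              # inventory label (constructed sample data)
    family: str            # "SIPROTEC 4" or "SIPROTEC Compact"
    model: str             # e.g. "7SJ80"; empty if not recorded
    en100_version: str     # e.g. "V4.26"; empty if no EN100 module fitted
    port_a_ethernet: bool  # Ethernet Service Interface on Port A in use


def parse_version(text):
    """Turn 'V4.26' (or '4.26') into a comparable (major, minor) tuple."""
    m = re.fullmatch(r"\s*[Vv]?(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised EN100 version string: {text!r}")
    return int(m.group(1)), int(m.group(2))


def assess(dev):
    """Return (CVE, reason) findings for one device; empty list if unaffected."""
    findings = []
    if dev.en100_version and parse_version(dev.en100_version) < EN100_FIXED_VERSION:
        reason = f"EN100 {dev.en100_version} is below V4.27: apply the module firmware update"
        findings.append(("CVE-2016-4784", reason))
        findings.append(("CVE-2016-4785", reason))
    if (dev.family == "SIPROTEC Compact" and dev.model in PORT_A_AFFECTED_MODELS
            and dev.port_a_ethernet):
        findings.append(("CVE-2016-4784",
                         "Port A Ethernet Service Interface: no fix listed, restrict network "
                         "access to TCP/80 (firewall, segmentation, VPN)"))
    return findings


def triage(devices):
    """Map device name -> findings for a whole inventory."""
    return {d.name: assess(d) for d in devices}


# Constructed sample inventory; model numbers for SIPROTEC 4 are left blank
# because the advisory lists none.
SAMPLE_INVENTORY = [
    Device("relay-01", "SIPROTEC 4", "", "V4.26", False),
    Device("relay-02", "SIPROTEC Compact", "7SJ80", "V4.27", True),
    Device("relay-03", "SIPROTEC Compact", "7SK81", "", False),
]
```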


An attacker must have network access to the affected devices. For the remaining affected products, Siemens recommends protecting network access with appropriate mechanisms (e.g., firewalls, segmentation, VPN). It is advised to configure the environment according to Siemens operational guidelines in order to run the devices in a protected IT environment. Siemens provides guidance at the following location for operating the devices only within trusted networks:

http://www.siemens.com/gridsecurity


For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-547990 at the following location:

http://www.siemens.com/cert/advisories