Researchers found security flaws in Siemens devices
ICS-CERT recently released a security advisory reporting three vulnerabilities in Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle devices that could be exploited to attack substations and other power supply facilities. Successful exploitation lets an attacker overwrite the access authorization password by uploading a modified device configuration, or capture network traffic that may contain an authorization password. This may result in the interruption of power device protection functions or the reduction of customers.
The vulnerabilities were reportedly discovered by Positive Technologies’ security experts, who found high-risk vulnerabilities in Siemens power system protection devices, which are used to control and protect power supply equipment such as power substations or hydroelectric power stations. The vulnerabilities are as follows:
CVE-2018-4840, rated as high severity, can be exploited by remote and unauthenticated attackers to modify device configuration and override access codes.
CVE-2018-4839 is a medium severity issue that allows a local or network attacker to recover access authorization passwords by intercepting network traffic or obtaining data from a target device. Positive Technologies stated that this password can be used to gain full access to the relay.
Both CVE-2018-4840 and CVE-2018-4839 affect the EN100 Ethernet module and the DIGSI 4 operation and configuration software used by SIPROTEC 4 and SIPROTEC Compact protection relays.
The third vulnerability, also rated high severity, is in the relay’s web interface and is tracked as CVE-2018-4838. It allows intruders to remotely upload outdated firmware versions that contain known vulnerabilities and execute code on the target system. Reyrolle, SIPROTEC 4, and SIPROTEC Compact devices that currently use EN100 modules are affected by this vulnerability.
In response to the above vulnerabilities, Siemens stated that it has issued security patches and mitigation measures to counter the serious threat posed to substations.
Source: Security Affairs