Multiple vulnerabilities in Siemens SIPROTEC 4 and SIPROTEC Compact

Published: 2016-09-05 00:00:00 | Updated: 2017-07-07 15:18:52
Severity: Medium
Patch available: YES
Number of vulnerabilities: 3
CVE ID: CVE-2016-7112, CVE-2016-7113, CVE-2016-7114
CVSSv3:
8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
7.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID: CWE-20
Exploitation vector: Network
Public exploit: Not available
Vulnerable software: SIPROTEC 4, SIPROTEC Compact
Vulnerable software versions:
SIPROTEC 4 4.28
SIPROTEC 4 4.27
SIPROTEC 4 4.26
SIPROTEC 4 4.25
SIPROTEC 4 4.24
SIPROTEC Compact 4.28
SIPROTEC Compact 4.27
SIPROTEC Compact 4.26
SIPROTEC Compact 4.25
SIPROTEC Compact 4.24
Vendor URL: Siemens

Security Advisory

1) Security restrictions bypass

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The weakness exists due to an error related to the EN100 Ethernet module. A remote attacker can send a specially crafted HTTP request and bypass access restrictions.

Successful exploitation of the vulnerability results in administrative access to the system.

Remediation

Update SIPROTEC 4 to version 4.29.
Update SIPROTEC Compact to version 4.29.

External links

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf

2) Denial of service

Description

The vulnerability allows a remote attacker to cause a DoS condition.

The weakness exists due to an error in the EN100 Ethernet module. A remote attacker can send specially crafted HTTP packets to TCP port 80 and cause the device to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Update SIPROTEC 4 to version 4.29.
Update SIPROTEC Compact to version 4.29.

External links

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf

3) Security restrictions bypass

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The weakness exists due to an error related to the EN100 Ethernet module. A remote attacker can send a specially crafted HTTP request and bypass access restrictions.

Successful exploitation of the vulnerability results in administrative access to the system.

Remediation

Update SIPROTEC 4 to version 4.29.
Update SIPROTEC Compact to version 4.29.

External links

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf
