(Siemens SIPROTEC 4) While performing a security assessment for one of its customers in the critical infrastructure sector, its Security Services team Kaspersky Lab discovered a significant vulnerability.
CVE-2016-4785 vulnerability could allow an attacker to remotely access a limited size of device memory content from latest technology equipment relay protection. The vulnerability was reported to Siemens, the supplier of the equipment, and has already been patched.
The vulnerability was discovered in the network module of the Siemens SIPROTEC 4 protection relay, a device widely used in the energy sector to protect the network from short circuits or critical current loads. A successful one attack through this vulnerability, it would allow an attacker to remotely read some of the device's memory content, but also use the information he can extract for further attacks.
Siemens has recognized the vulnerability and has released one advisory manual with useful instructions on actions to mitigate vulnerability and install updates. Kaspersky Lab urges security professionals working for organizations using this type of equipment to pay special attention to the manual and follow its recommendations.
“Finding vulnerabilities like this is not our primary job, but our experience shows that when we implement security assessment processes, it's almost inevitable that we'll find something. The end user of the products usually has nothing to do with the vulnerability itself, and faces the risk of an attack, even if the rest of their information infrastructure is organized and coordinated quite well. For this reason, it is our responsibility to report any weakness we encounter during our daily work. This is a key part of our contribution to the security community. We would also like to thank ICS CERT for coordinating the disclosure of this vulnerability and Siemens for their swift response upon hearing the news.” commented o Sergey Gordeychik, Deputy CTO of Kaspersky Lab's Services Department.
During the last 12 months, Kaspersky Lab specialists have revealed over 20 vulnerabilities in various hardware and software products - from home appliances to industrial control systems and vehicle and train routers.
Identifying potential weaknesses in IT or industry infrastructure is the key advantage of Penetration Testing and Security Assessment Services offered through Kaspersky Security Intelligence Services, the "family" of services available to Kaspersky Lab, with the aim of providing immediate know-how and specialization for business safety.
This is a very broad set, including Security Training, Digital Signage and Threat Information.
These services help businesses to support all key aspects of digital resilience strategies, including preventing and identifying threats, responding to attacks and anticipating possible incidents. More information is available on its website Kaspersky Lab.
