Siemens SIPROTEC Information Disclosure Vulnerabilities (Update B)

MonitorCVSS 5.3ICS-CERT ICSA-16-140-02Feb 20, 2016

Siemens

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

SIPROTEC protective relay Ethernet modules and devices contain information disclosure vulnerabilities in their Ethernet service interfaces. Affected devices include EN100 modules in SIPROTEC 4 and Compact, and SIPROTEC Compact models 7SJ80, 7RW80, 7SJ81, and 7SK81 with Ethernet Service Interface on Port A. An attacker with network access to these devices can read sensitive configuration information without authentication. Siemens has released firmware updates V4.27 for EN100 modules and V4.76 for 7SJ80, but has not released updates for the 7RW80, 7SJ81, and 7SK81 models.

What this means

What could happen

An attacker with network access to affected SIPROTEC devices could read sensitive configuration or system information without authentication, potentially exposing protective relay settings, IP addresses, or other operational details that could inform further attacks.

Who's at risk

This affects electrical utilities and any facility operating SIPROTEC protective relays for power system protection. The EN100 Ethernet modules are used in SIPROTEC 4 and Compact models to add network connectivity to protective relays (7SJ80, 7RW80, 7SJ81, 7SK81). These relays protect transformers, feeders, and generators from faults.

How it could be exploited

An attacker on the network sends requests to the Ethernet interface of an affected SIPROTEC device (port 502 or the management Ethernet port). The device responds with sensitive information without requiring authentication due to the information disclosure vulnerability. The attacker collects configuration details or system state information.

Prerequisites

Network access to the affected device's Ethernet interface
No authentication credentials required

remotely exploitableno authentication requiredlow complexityno patch available for multiple product variants

Exploitability

Some exploitation risk — EPSS score 2.4%

Affected products (6)

3 with fix1 pending2 EOL

ProductAffected VersionsFix Status

SIPROTEC Compact models 7RW80 with Ethernet Service Interface on Port A: vers:all/*All versionsNo fix yet

EN100 Ethernet module included in SIPROTEC 4: <=V4.26≤ V4.26V4.27

EN100 Ethernet module included in SIPROTEC Compact: <=V4.26≤ V4.26V4.27

SIPROTEC Compact model 7SJ80 with Ethernet Service Interface on Port A Firmware: <=V4.75≤ V4.75V4.76

SIPROTEC Compact models 7SJ81 with Ethernet Service Interface on Port A: vers:all/*All versionsNo fix (EOL)

SIPROTEC Compact models 7SK81 with Ethernet Service Interface on Port A: vers:all/*All versionsNo fix (EOL)

Remediation & Mitigation

0/5

Do now

0/1

WORKAROUNDImplement network firewall rules to restrict access to SIPROTEC device Ethernet interfaces from untrusted networks

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate EN100 Ethernet module firmware to V4.27 or later for SIPROTEC 4 and SIPROTEC Compact devices

HOTFIXUpdate SIPROTEC Compact 7SJ80 with Ethernet Service Interface firmware to V4.76 or later

Mitigations - no patch available

0/2

The following products have reached End of Life with no planned fix: SIPROTEC Compact models 7SJ81 with Ethernet Service Interface on Port A: vers:all/*, SIPROTEC Compact models 7SK81 with Ethernet Service Interface on Port A: vers:all/*. Apply the following compensating controls:

HARDENINGIsolate SIPROTEC device networks from the business network using network segmentation

HARDENINGIf remote access is required, use VPN with current security patches to access SIPROTEC devices

CVEs (2)

CVE-2016-4784 CVE-2016-4785

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/5589bcc2-344c-460f-96d6-9c3fbe7b26cb

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.