OTPulse

Siemens Reyrolle

Plan Patch | CVSS 7.5 | ICS-CERT ICSA-17-187-02 | Jul 6, 2017
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Siemens Reyrolle EN100 Ethernet modules contain multiple vulnerabilities (CWE-862 lack of authorization, CWE-20 improper input validation, CWE-287 improper authentication) affecting firmware versions below 4.29.01. These vulnerabilities are remotely exploitable with low complexity and require no authentication or user interaction. The module handles network communications for Reyrolle protection relays and can accept unauthenticated remote commands.

What this means
What could happen
An attacker on the network could send crafted commands to the EN100 module, potentially disrupting communication with or control of the Reyrolle protection relay, which could prevent the relay from responding to fault conditions or operator commands and impact power system protection and stability.
Who's at risk
Electrical utilities and substations using Siemens Reyrolle protection relays with EN100 Ethernet communication modules should be concerned. These modules are used to enable remote monitoring and control of Reyrolle relays in generation, transmission, and distribution networks. Any facility using Reyrolle relays with network-connected EN100 modules is affected.
How it could be exploited
An attacker with network access to the EN100 module could send specially crafted packets to the module's network interface. The module does not properly validate input or authenticate requests, allowing the attacker to trigger a denial of service condition or potentially execute commands without needing valid credentials.
Prerequisites
  • Network access to the EN100 module's network interface (typically port 502 for Modbus or standard Ethernet)
  • No authentication credentials required
  • EN100 module firmware version below 4.29.01
remotely exploitable | no authentication required | low complexity | affects safety systems (protection relay operation) | impacts critical infrastructure (power protection)
Exploitability
Moderate exploit probability (EPSS 2.4%)
Affected products (1)
Product | Affected Versions | Fix Status
EN100 Ethernet modules as optional for Reyrolle: All | < 4.29.01 | V4.29.01
Remediation & Mitigation
Do now
WORKAROUND: Implement firewall rules to restrict network access to EN100 modules, allowing only authorized management and control traffic from specific source networks
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update EN100 Ethernet module firmware to version 4.29.01 or later
Long-term hardening
HARDENING: Implement network segmentation to isolate Reyrolle relays with EN100 modules on a separate VLAN or subnet with restricted access
HARDENING: Configure VPN access for remote management of EN100 modules rather than allowing direct network access
HARDENING: Review and follow Siemens Operational Guidelines for Industrial Security to harden the operational environment
Siemens Reyrolle | CVSS 7.5 - OTPulse