ICSA-18-317-01 Siemens IEC 61850 System Configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC
MonitorCVSS 4.2ICS-CERT ICSA-18-317-01Jun 26, 2018
Siemens
Attack path
Attack VectorNetwork
Auth RequiredNone
ComplexityHigh
User InteractionRequired
Summary
Siemens IEC 61850 system configurator and related products (DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, SICAM SCC) contain an improper access control vulnerability (CWE-284) that could allow an attacker to gain unauthorized access to sensitive functions. The vulnerability requires network access to specific ports (4884/TCP, 5885/TCP, or 5886/TCP), high attack complexity, user interaction, and high skill level to exploit. Impact is limited to confidentiality and integrity, with no availability impact.
What this means
What could happen
An attacker could gain unauthorized access to configuration or monitoring functions on affected grid automation and protection devices, potentially allowing them to view or modify system settings. However, this requires network access to the device, user interaction, and significant technical skill to exploit.
Who's at risk
Substation automation and grid protection engineers who deploy Siemens IEC 61850 system configurator, DIGSI (configuration tools for substations), or SICAM PAS/PQS/SCC (substation and power quality monitoring systems). Anyone managing medium-to-large substations or distribution automation systems using these Siemens products should assess their exposure.
How it could be exploited
An attacker must reach one of the vulnerable products over the network on ports 4884/TCP, 5885/TCP, or 5886/TCP and craft a request that exploits improper access control logic. User interaction is required for exploitation to succeed. The attacker does not need valid credentials but must have high technical capability to craft a working exploit.
Prerequisites
- Network access to ports 4884/TCP, 5885/TCP, or 5886/TCP on the affected device
- User interaction required for exploitation
- High technical skill and detailed knowledge of the vulnerability needed
- Device must be reachable from the attacker's network location
remotely exploitablehigh attack complexityrequires user interactionhigh skill level neededno known public exploitslow EPSS score (0.4%)
Exploitability
Unlikely to be exploited — EPSS score 0.4%
Affected products (6)
6 with fix
ProductAffected VersionsFix Status
IEC 61850 system configurator<V5.80v5.80
DIGSI 4<V4.93v4.93
SICAM PAS/PQS<V8.11v8.11
SICAM PQ Analyzer<V3.11v3.11
SICAM SCC<V9.02 HF3v9.02_HF3
DIGSI 5 (affected as IEC 61850 system configurator is incorporated)<V7.80v5.80
Remediation & Mitigation
0/9
Do now
0/1WORKAROUNDConfigure firewall rules to restrict access to ports 4884/TCP, 5885/TCP, and 5886/TCP to localhost or trusted engineering workstations only
Schedule — requires maintenance window
0/6Patching may require device reboot — plan for process interruption
IEC 61850 system configurator
HOTFIXUpdate IEC 61850 system configurator to version 5.80 or later
HOTFIXUpdate DIGSI 5 to version 7.80 or later, or uninstall IEC 61850 system configurator if upgrade is not feasible
DIGSI 4
HOTFIXUpdate DIGSI 4 to version 4.93 or later
SICAM PAS/PQS
HOTFIXUpdate SICAM PAS/PQS to version 8.11 or later
SICAM PQ Analyzer
HOTFIXUpdate SICAM PQ Analyzer to version 3.11 or later
SICAM SCC
HOTFIXUpdate SICAM SCC to version 9.02 HF3 or later
Long-term hardening
0/2HARDENINGIsolate control system networks from the business network and the Internet; ensure affected devices are not directly internet-accessible
HARDENINGIf remote access is required, use a VPN or out-of-band management network and keep VPN software updated
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/fd6845e2-0413-4d79-a53b-94e1c314c925Get OT security insights every Tuesday
Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.