OTPulse

Siemens Spectrum Power

Low Risk · Score 3.7 · ICS-CERT ICSA-20-252-04 · Sep 8, 2020
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

Siemens Spectrum Power 4 contains two information disclosure weaknesses, CWE-312 (Cleartext Storage of Sensitive Information) and CWE-548 (Exposure of Information Through Directory Listing), that allow an unauthenticated attacker with network access to read sensitive operational data from the power grid management system. All versions before V4.70 SP8 are affected; V4.70 SP8 fixes the issue.

What this means
What could happen
An attacker with network access to the system could read sensitive information from Spectrum Power 4 installations used to monitor and control power grids, exposing operational details that grid operators rely on to unauthorized parties.
Who's at risk
Transmission and distribution operators (TSOs and DSOs) worldwide who operate Siemens Spectrum Power 4 systems for real-time monitoring and control of electric grids. This includes state and municipal utilities managing power distribution and transmission networks.
How it could be exploited
An attacker on the network can trigger the information disclosure without authenticating and without any user action. The two weakness classes cited describe the mechanism: CWE-312 means sensitive data is stored in cleartext rather than encrypted or hashed, and CWE-548 describes a server that lists directory contents, letting a client enumerate files it was never linked to and then retrieve them. Attack complexity is rated High, meaning success depends on conditions outside the attacker's control, which is why the score is low even though no credentials are needed.
Prerequisites
  • Network access to the Spectrum Power 4 system (typically the transmission or distribution operator's control network)
  • No authentication required to trigger the information disclosure
  • Target running Spectrum Power 4 version prior to 4.70_SP8
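The following is an added example, not code from the advisory or from Siemens, showing how an operator can audit a web server document root offline for the two weakness classes named above: directories that would be enumerable if listing is enabled (CWE-548) and files holding credential-like values in cleartext (CWE-312). The sample tree, file names, index-file names and secret patterns are all constructed assumptions; nothing here describes how Spectrum Power 4 actually stores or serves data.

```python
"""Offline audit of a served directory tree for CWE-548 and CWE-312 exposure.

Added example; the sample document root, file names and regexes are
constructed for illustration and are not taken from any real product.
"""
import os
import re
import tempfile

# Assumption: file names a server treats as a directory index. A directory
# without one of these is listed verbatim by a server with autoindex on.
INDEX_FILES = {"index.html", "index.htm", "default.htm"}

# Assumption: line patterns that indicate credentials stored in cleartext.
SECRET_PATTERNS = [
    re.compile(r"(?i)^\s*(password|passwd|pwd|secret|api[_-]?key)\s*[=:]\s*\S+"),
    re.compile(r"(?i)^\s*<password>\S+</password>"),
]


def listable_dirs(root):
    """Relative paths of directories that would be exposed by a listing (CWE-548)."""
    found = []
    for dirpath, _, filenames in os.walk(root):
        if not INDEX_FILES.intersection(filenames):
            found.append(os.path.relpath(dirpath, root))
    return sorted(found)


def cleartext_secrets(root):
    """(relative path, line number) of lines that look like stored secrets (CWE-312)."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    if any(p.search(line) for p in SECRET_PATTERNS):
                        hits.append((os.path.relpath(path, root), lineno))
    return sorted(hits)


def audit(root):
    """Run both checks and return the findings keyed by weakness."""
    return {"listable": listable_dirs(root), "secrets": cleartext_secrets(root)}


def build_sample_root():
    """Construct a throwaway document root that exhibits both weaknesses."""
    root = tempfile.mkdtemp(prefix="docroot-audit-")

    def put(rel, text):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(text)

    put("index.html", "<html>ok</html>\n")                        # root has an index
    put("static/app.js", "console.log('ui');\n")                  # no index: listable
    put("config/db.properties", "host=db01\npassword=Sup3rSecret\n")  # listable + cleartext
    put("reports/index.html", "<html>reports</html>\n")           # has index: not listable
    return root


if __name__ == "__main__":
    sample = build_sample_root()
    for kind, items in audit(sample).items():
        print(kind, items)
```

Run it against a real document root with `audit("/path/to/docroot")`. A directory in the `listable` list only matters if the server actually lists directories, so pair this with the server's own configuration check; the `secrets` list points at data that should be moved out of the served tree and stored encrypted or, for passwords, hashed.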
Remotely exploitable · No authentication required · High attack complexity · Fixed in V4.70 SP8 · Affects critical grid operations
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product             Affected Versions            Fix Status
Spectrum Power 4    All versions < V4.70 SP8     Fixed in V4.70 SP8
Remediation & Mitigation
Do now
HARDENING: Implement network segmentation and firewall rules so that only authorized management networks can reach Spectrum Power 4 systems
HARDENING: Deploy VPN or another secure remote access mechanism if out-of-band management of Spectrum Power 4 is required
Schedule — requires maintenance window

Patching may require a system restart; plan for a process interruption window.

HOTFIX: Upgrade Spectrum Power 4 to V4.70 SP8 or later
Long-term hardening
HARDENING: Review grid design to ensure multi-level redundant secondary protection schemes are in place per regulatory requirements