Siemens released updates to address an improper access control vulnerability in its IEC 61850 system configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC, according to a report from NCCIC.
Successful exploitation of this remotely exploitable vulnerability, which Siemens self-reported, could allow a remote attacker to exfiltrate limited data from the system or execute code with operating system user permissions.
The following versions of Siemens products are affected:
• IEC 61850 system configurator all versions prior to v5.80
• DIGSI 5 (affected as IEC 61850 system configurator is incorporated) all versions prior to v7.80
• DIGSI 4 all versions prior to v4.93
• SICAM PAS/PQS all versions prior to v8.11
• SICAM PQ Analyzer all versions prior to v3.11
• SICAM SCC all versions prior to v9.02 HF3
The vulnerability lies in a service of the affected products that listens on all of the host’s network interfaces on Port 4884/TCP, Port 5885/TCP, or Port 5886/TCP. It could allow an attacker to either exfiltrate limited data from the system or execute code with Microsoft Windows user permissions.
CVE-2018-4858 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 4.2.
The products are used in the chemical, critical manufacturing, energy, food and agriculture, and water and wastewater systems sectors, and are deployed worldwide.
No known public exploits specifically target this vulnerability. Exploitation requires a high skill level.
Siemens released updates for the affected products and recommends users update to the newest version.
• IEC 61850 system configurator update to v5.80
• DIGSI 5 (affected as IEC 61850 system configurator is incorporated) – Uninstall IEC 61850 system configurator or update to v7.80
• DIGSI 4 update to v4.93
• SICAM PAS/PQS update to v8.11
• SICAM PQ Analyzer update to v3.11
• SICAM SCC update to v9.02 HF3
Siemens found the following specific workarounds and mitigations users can apply to reduce the risk:
1. Change firewall configuration to restrict access to Ports 4884/TCP, 5885/TCP or 5886/TCP to localhost (depending on the affected product in use)
2. Follow secure substations security guidelines
For additional information see Siemens’ security advisory SSA-159860.