While performing a security assessment for one of its clients in the critical infrastructure sector, the Kaspersky Lab Security Services team discovered an important vulnerability. The CVE-2016-4785 vulnerability could allow an attacker to remotely obtain a limited amount of device memory content from relay protection equipment. The vulnerability was reported to Siemens, the equipment vendor, and has already been patched.
The vulnerability was discovered in the network module of a Siemens SIPROTEC 4 protection relay – a device that is widely used in the energy sector to protect the grid against short-circuits or critical power loads. A successful attack through this vulnerability would allow an attacker to remotely read some of the device's memory content through the module. This information could be used for further attacks.
Siemens has acknowledged the vulnerability and has released an advisory with useful instructions on mitigation and updates. Kaspersky Lab urges any security specialists working for organizations that use this kind of equipment, to pay close attention to the advisory and follow its recommendations.
“Finding vulnerabilities like this is not our primary job, but experience shows us that when we undertake security assessment procedures, it’s almost inevitable that we will find something. The end user of vulnerable products usually has nothing to do with the vulnerability itself, and remains at risk of attack even if other parts of the IT infrastructure are organized and tuned rather well. For these reasons it’s our responsibility to report on every security weakness we find during our day to day work. This is a key part of our contribution to the security community. We would also like to thank ICS CERT for coordinating the disclosure of this vulnerability, and Siemens for its swift reaction to the news,” - said Sergey Gordeychik Deputy CTO, Services at Kaspersky Lab.
The vulnerability was discovered by Pavel Toporkov, senior application security specialist at Kaspersky Lab.
During the last 12 months, Kaspersky Lab experts have responsibly disclosed more than 20 vulnerabilities in different hardware and software products: from consumer devices to industrial control systems and vehicle and railway routers.
Finding potential weaknesses in IT or industrial infrastructure is the key benefit of Penetration Testing and Security Assessment services, offered under the Kaspersky Security Intelligence Services umbrella. These services also include a diverse set of products aimed at faster delivery of security expertise to businesses: Security Training, Digital Forensics, Threat Data Feeds and Intelligence reporting. These services help companies to support all key aspects of cyber resilience strategies, including threat prevention and detection, attack response and prediction. More information about Security Intelligence Services can be found at Kaspersky Lab’s website.