04 December 2017
Vulnerabilities in Siemens SWT 3000 Devices
Siemens has reported vulnerabilities in the SWT 3000 protection signal transmission system.
SWT 3000 is a telecommunication solution that is popular in the energy sector. It is used in analog, digital and optical communication channels and as part of high-frequency power-line carrier communication equipment.
According to an advisory released by Siemens, vulnerabilities affect EN100 (iSWT 3000) modules with the following firmware versions:
- IEC 61850: all versions prior to V4.29.01
- TPOP firmware: all versions prior to V01.01.00.
A total of five medium-severity vulnerabilities, with CVSS scores from 4.3 to 5.3, were identified.
Two of these are associated with the integrated web server (port 80/tcp) and, if network access is obtained, could allow remote attackers to obtain sensitive device information (CVE-2016-4784) or a limited amount of device memory content (CVE-2016-4785). These vulnerabilities affect the IEC 61850 firmware only and do not affect SWT 3000 devices with TPOP.
Attackers who have obtained network access to the device’s web interface (port 80/tcp) can also circumvent authentication and perform certain administrative operations (CVE-2016-7112 and CVE-2016-7114). Importantly, for an attack exploiting CVE-2016-7114 to be successful, a legitimate user must be logged into the web interface.
Additionally, a denial-of-service (DoS) attack can be carried out by sending specially crafted packets to port 80/tcp in order to exploit the CVE-2016-7113 vulnerability.
To close the above vulnerabilities, Siemens recommends updating device firmware to the following versions: IEC 61850 to version V4.29.01 and TPOP to version V01.01.00.
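The fixed versions above can be checked against an asset inventory. The following is an added example, not code from Siemens or from the advisory; the CSV layout, the device names and the function names are constructed for illustration. It assumes that the three CVEs the text does not restrict to IEC 61850 apply to both firmware types.

```python
import csv
import io
import re

# Fixed firmware versions as stated in the advisory summary above.
FIXED = {"IEC 61850": (4, 29, 1), "TPOP": (1, 1, 0)}

# CVEs the text says affect the IEC 61850 firmware only.
IEC_ONLY = ["CVE-2016-4784", "CVE-2016-4785"]
# Assumption: the remaining three are treated as applying to both firmware types.
BOTH = ["CVE-2016-7112", "CVE-2016-7113", "CVE-2016-7114"]

VERSION_RE = re.compile(r"^V?(\d+(?:\.\d+)+)$", re.IGNORECASE)

def parse_version(text):
    """Turn 'V01.01.00' into (1, 1, 0); return None if the string is not a version."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(part) for part in m.group(1).split(".")) if m else None

def triage(firmware, version_text):
    """Return (status, cves) for one device; 'unknown' means check it by hand."""
    family = firmware.strip()
    fixed = FIXED.get(family)
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown", []
    if version >= fixed:
        return "patched", []
    cves = BOTH + (IEC_ONLY if family == "IEC 61850" else [])
    return "vulnerable", sorted(cves)

# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = """device,firmware,version
swt-sub-a,IEC 61850,V4.28.03
swt-sub-b,IEC 61850,V4.29.01
swt-sub-c,TPOP,V01.00.02
swt-sub-d,TPOP,V01.01.00
swt-sub-e,IEC 61850,not recorded
"""

def triage_inventory(csv_text):
    """Map each device name in the CSV to its (status, cves) result."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["device"]: triage(r["firmware"], r["version"]) for r in rows}

if __name__ == "__main__":
    for device, (status, cves) in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{device}: {status} {', '.join(cves)}")
```

Devices reported as unknown have a missing or unparseable version and need a manual firmware check rather than being assumed patched.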