Siemens Patches Several Flaws in Teleprotection Devices

Siemens has patched several vulnerabilities, including authentication bypass and denial-of-service (DoS) flaws, in its SWT 3000 teleprotection devices.
The SWT 3000 teleprotection devices are designed for quickly identifying and isolating faults in high-voltage power grids. This Siemens product is used in the energy sector worldwide.
According to advisories published by both Siemens and ICS-CERT, medium severity vulnerabilities have been found in the EN100 Ethernet module used by SWT 3000 devices running IEC 61850 and TPOP firmware.
The flaws can be exploited to bypass authentication to the web interface and perform administrative operations (CVE-2016-7112, CVE-2016-7114), and cause devices to enter a DoS condition by sending specially crafted packets (CVE-2016-7113).
Flaws related to the product’s web server can be leveraged by a network attacker to obtain sensitive device information (CVE-2016-4784), and data from the device’s memory (CVE-2016-4785).
网络安全法普法宣传 004《网络安全法》的突出亮点
The security holes have been addressed in IEC 61850 firmware with the release of version 4.29.01. The TPOP firmware is affected by only three of the flaws. These have been fixed with the release of version 01.01.00.
As it’s apparent from the CVE identifiers, these vulnerabilities were actually discovered last year. They were reported to Siemens via ICS-CERT by researchers at HackerDom and Kaspersky Lab.
Siemens and ICS-CERT disclosed CVE-2016-4784 and CVE-2016-4785 in May 2016, when they warned that the flaws had affected SIPROTEC 4 and SIPROTEC Compact devices. An advisory published in September 2016 warned that the same products were also affected by CVE-2016-7112, CVE-2016-7114 and CVE-2016-7113.
In July 2017, Siemens informed customers that all five vulnerabilities also impacted Reyrolle devices, which provide a wide range of integrated protection, control, measurement, and automation functions for electrical substations.
Related: Siemens Patches Flaws in Automation, Power Distribution Products

Related: Serious Flaw Exposes Siemens Industrial Switches to Attacks
Related: Flaw in Siemens RTU Allows Remote Code Execution
由于对计算机依赖程度日益增加的新无线技术能够使汽车更安全、能耗更低、更现代化,与此同时,汽车遭黑客攻击已开始由以前的理论转入现实世界。
密码多长最合适?专家建议12位,仅长度并不够,如果使用身份证号码或手机号码,可能会方便了攻击者,所以复杂度也一定得考虑,要记住即复杂又长的密码,需要来一些技巧。

猜您喜欢

提高信息安全保密意识防范军事间谍活动
防止地理位置LBS泄露机密个人信息
Cyber Security Law 网络安全法宣传视频《网络安全法》背景知识
我的交通标志规划更合理! 男子PS起了马路
HOSPITALDEOLHOS A1PLUS
工作环境安全之尾随防范