Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Industrial network security vulnerability

Kaspersky Lab UK : 29 June, 2016  (Technical Article)
Kaspersky Lab uncovers remote relay protection equipment access vulnerability affecting critical infrastructure
Industrial network security vulnerability

While performing a security assessment for one of its clients in the critical infrastructure sector, the Kaspersky Lab Security Services team discovered an important vulnerability. The CVE-2016-4785 vulnerability could allow an attacker to remotely obtain a limited amount of device memory content from relay protection equipment. The vulnerability was reported to Siemens, the equipment vendor, and has already been patched.

The vulnerability was discovered in the network module of a Siemens SIPROTEC 4 protection relay – a device that is widely used in the energy sector to protect the grid against short-circuits or critical power loads. A successful attack through this vulnerability would allow an attacker to remotely read some of the device's memory content through the module. This information could be used for further attacks.

Siemens has acknowledged the vulnerability and has released an advisory with useful instructions on mitigation and updates. Kaspersky Lab urges any security specialists working for organisations that use this kind of equipment to pay close attention to the advisory and follow its recommendations.

“Finding vulnerabilities like this is not our primary job, but experience shows us that when we undertake security assessment procedures, it’s almost inevitable that we will find something. The end user of vulnerable products usually has nothing to do with the vulnerability itself and remains at risk of attack, even if other parts of the IT infrastructure are organised and tuned rather well. For these reasons, it’s our responsibility to report on every security weakness we find during our day to day work. This is a key part of our contribution to the security community. We would also like to thank ICS CERT for coordinating the disclosure of this vulnerability and Siemens for its swift reaction to the news” - said Sergey Gordeychik Deputy CTO, Services at Kaspersky Lab.

The vulnerability was discovered by Pavel Toporkov, senior application security specialist at Kaspersky Lab.

During the last 12 months, Kaspersky Lab experts have responsibly disclosed more than 20 vulnerabilities in different hardware and software products: from consumer devices to industrial control systems and vehicle and railway routers.

Finding potential weaknesses in IT or industrial infrastructure is the key benefit of Penetration Testing and Security Assessment services, offered under the Kaspersky Security Intelligence Services umbrella. These services also include a diverse set of products aimed at faster delivery of security expertise to businesses: Security Training, Digital Forensics, Threat Data Feeds and Intelligence reporting. These services help companies to support all key aspects of cyber resilience strategies, including threat prevention and detection, attack response and prediction.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo