Siemens IEC 61850 System Configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC Improper Access Control (CVE-2018-4858)

high Tenable OT Security Plugin ID 500286

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability has been identified in IEC 61850 system configurator (All versions < V5.80), DIGSI 5 (affected as IEC 61850 system configurator is incorporated) (All versions < V7.80), DIGSI 4 (All versions < V4.93), SICAM PAS/PQS (All versions < V8.11), SICAM PQ Analyzer (All versions < V3.11), SICAM SCC (All versions < V9.02 HF3). A service of the affected products listening on all of the host's network interfaces on either port 4884/TCP, 5885/TCP, or port 5886/TCP could allow an attacker to either exfiltrate limited data from the system or to execute code with Microsoft Windows user permissions. Successful exploitation requires an attacker to be able to send a specially crafted network request to the vulnerable service and a user interacting with the service's client application on the host. In order to execute arbitrary code with Microsoft Windows user permissions, an attacker must be able to plant the code in advance on the host by other means. The vulnerability has limited impact to confidentiality and integrity of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens has released updates for the affected products and recommends users update to the newest version.

- IEC 61850 system configurator update to v5.80 available at:

https://support.industry.siemens.com/cs/ww/en/view/109740546

- DIGSI 5 (affected as IEC 61850 system configurator is incorporated) – Uninstall IEC 61850 system configurator or update to v7.80 available at:

https://support.industry.siemens.com/cs/ww/en/view/109758531

- DIGIS 4 update to v4.93 available at:

https://support.industry.siemens.com/cs/ww/en/view/109740980

- SICAM PAS/PQS update to v8.11 available at:

https://support.industry.siemens.com/cs/us/en/view/109757831

- SICAM PQ Analyzer update to v3.11available at:

https://support.industry.siemens.com/cs/us/en/view/109757833

- SICAM SCC update to v9.02 HF3 available at:

https://support.industry.siemens.com/cs/ww/en/view/109745469

Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:

- Change firewall configuration to restrict access to Ports 4884/TCP, 5885/TCP or 5886/TCP to localhost (depending on the affected product in use).
- Follow secure substations security guidelines available at:

https://www.siemens.com/gridsecurity

For additional information see Siemens’ security advisory SSA-159860 at the following location:

http://www.siemens.com/cert/en/cert-security-advisories.htm

See Also

https://cert-portal.siemens.com/productcert/pdf/ssa-159860.pdf

https://ics-cert.us-cert.gov/advisories/ICSA-18-317-01

http://www.securityfocus.com/bid/105933

Plugin Details

Severity: High

ID: 500286

Version: 1.8

Type: remote

Family: Tenable.ot

Published: 2/7/2022

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2018-4858

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:sicam_scc_firmware:-, cpe:/o:siemens:digsi_5_firmware, cpe:/o:siemens:digsi_4_firmware:-, cpe:/o:siemens:sicam_pas%2fpqs_firmware, cpe:/o:siemens:sicam_pq_analyzer_firmware

Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 7/9/2018

Vulnerability Publication Date: 7/9/2018

Reference Information

CVE: CVE-2018-4858

ICSA: 18-317-01