Equipment: IEC 61850 system configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC.

Successful exploitation of this vulnerability could allow a remote attacker to exfiltrate limited data from the system or execute code with operating system user permissions.

The following versions of Siemens products are affected:

- IEC 61850 system configurator all versions prior to v5.80,
- DIGSI 5 (affected as IEC 61850 system configurator is incorporated) all versions prior to v7.80,
- SICAM PAS/PQS all versions prior to v8.11,
- SICAM PQ Analyzer all versions prior to v3.11, and
- SICAM SCC all versions prior to v9.02 HF3

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER ACCESS CONTROL CWE-284

A service of the affected products listening on all of the host's network interfaces on either Port 4884/TCP, Port 5885/TCP, or Port 5886/TCP could allow an attacker to either exfiltrate limited data from the system or execute code with Microsoft Windows user permissions.

CVE-2018-4858 has been assigned to this vulnerability. A CVSS v3 base score of 4.2 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).

CRITICAL INFRASTRUCTURE SECTORS: Chemical, Critical Manufacturing, Energy, Food and Agriculture, Water and Wastewater Systems.

Siemens ProductCERT reported this vulnerability to NCCIC.

Siemens has released updates for the affected products and recommends users update to the newest version.

- IEC 61850 system configurator update to v5.80 available at:
- DIGSI 5 (affected as IEC 61850 system configurator is incorporated) – Uninstall IEC 61850 system configurator or update to v7.80 available at:
- SICAM PAS/PQS update to v8.11 available at:
- SICAM PQ Analyzer update to v3.11 available at:
- SICAM SCC update to v9.02 HF3 available at:

When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices. NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
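One way to check a host for the exposure described in 3.2.1, added here as an example and not part of the advisory or of any Siemens tooling: it parses Windows `netstat -ano` output and reports listeners on the three advisory ports that are bound to all interfaces. The sample output is constructed, and English-language netstat state names are assumed.

```python
import re

# TCP ports named in the advisory for the affected service.
ADVISORY_PORTS = {4884, 5885, 5886}
# Local addresses that mean "all interfaces" in Windows netstat output.
WILDCARD_ADDRS = {"0.0.0.0", "[::]"}

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:4884           0.0.0.0:0              LISTENING       3120
  TCP    127.0.0.1:5885         0.0.0.0:0              LISTENING       3120
  TCP    [::]:5886              [::]:0                 LISTENING       3120
  TCP    192.168.10.5:49712     192.168.10.9:4884      ESTABLISHED     4012
"""

# Local address and port, any foreign address, LISTENING state, owning PID.
LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def parse_listeners(netstat_text):
    """Return (address, port, pid) for every TCP socket in LISTENING state."""
    listeners = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            listeners.append((m.group(1), int(m.group(2)), int(m.group(3))))
    return listeners


def exposed_listeners(netstat_text, ports=ADVISORY_PORTS):
    """Listeners on the advisory ports that are bound to all interfaces."""
    return [
        (addr, port, pid)
        for addr, port, pid in parse_listeners(netstat_text)
        if port in ports and addr in WILDCARD_ADDRS
    ]


if __name__ == "__main__":
    for addr, port, pid in exposed_listeners(SAMPLE_NETSTAT):
        print(f"port {port}/TCP listening on all interfaces ({addr}), PID {pid}")
```

A listener bound only to 127.0.0.1 on one of these ports is not reported, since it is not reachable from the network; outbound connections to port 4884 on another host are ignored because they are not in LISTENING state.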