A vulnerability has been identified in IEC 61850 system configurator – CVE-2018-4858

Many cyber security gurus focus on nuclear power and other critical facilities. It looks like they also need to include the power substation. From a technical point of view, the control center will harden both the console and the network environment. But what about the configuration console for the substation? Is it allowed to install the configuration software (IEC 61850 system configurator) on a notebook for outdoor work? Siemens IEC 61850 system configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC products are affected by a security vulnerability which could allow an attacker to either exfiltrate limited data from the system or to execute code with operating system user permissions. Cyber security attacks exploit different channels, but the major pathway is product vulnerabilities.

The official announcement by Siemens is shown below:

https://cert-portal.siemens.com/productcert/pdf/ssa-159860.pdf

Status update: 30th Jul 2018

The vendor has confirmed a vulnerability in which a denial of service occurs in the EN100 Ethernet Communication Module and SIPROTEC 5 relays.

The official announcement by Siemens is shown below:

https://cert-portal.siemens.com/productcert/pdf/ssa-635129.pdf