Siemens Patches Password Reconstruction Vulnerability in SICAM PAS

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) warned users several builds of energy automation software this week.

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) cautioned users who work in electrical substations to update certain builds of energy automation software this week.

ICS-CERT claims two vulnerabilities exist in the Siemens SICAM Power Automation System, or PAS, that could enable an attacker to reconstruct passwords and obtain sensitive information under certain conditions.

Siemens, the German industrial automation technology company that manufactures the software, released an update to address the first vulnerability this week. Users are being encouraged to update to version 8.07 of SICAM PAS to mitigate that issue.

While the first vulnerability (CVE-2016-5848) stemmed from insufficiently protected credentials; the second (CVE-2016-5849) stemmed from an information exposure vulnerability in the database.

“An authenticated local attacker could possibly access sensitive configuration information from the SICAM PAS database file if the database is in a stopped state,” the advisory, published Thursday, warned.

Ilya Karpov and Dmitry Sklyarov, two researchers with Positive Technologies, discovered both vulnerabilities.

According to Siemens, the software figures into electrical substations that are deployed across the energy sector, worldwide. The ICS-CERT warning claims that an attacker with a low skill would be able to exploit the vulnerabilities but also claims that to exploit the flaws an attacker would have to have local access to the system and certain database privileges, something that limits the scope, somewhat.

Siemens claims that updating to 8.07 will fix the insufficient protected vulnerability but to fix the information exposure vulnerability users will have to email the company directly for further guidance.

ICS-CERT also warned of vulnerabilities in two other lines of programming software on Thursday.

The team, which deals with security related to industrial control systems, warned of two buffer overflow vulnerabilities in Eaton’s ELCSoft programming software and of three vulnerabilities – weak credential management, a CSRF vulnerability, and information leakage – in select AirLink gateways manufactured by Sierra Wireless.

Suggested articles