Siemens SIPROTEC 4 Denial of Service Vulnerability (CVE-2015-5374)
Release date:
Updated on:
Affected Systems:
Siemens SIPROTEC 4 < V4.25
Description:
CVE (CAN) ID: CVE-2015-5374
SIPROTEC 4 and SIPROTEC Compact equipment can provide a wide range of centralized protection, control and automation functions for substations and other applications.
The EN100 module of Siemens SIPROTEC 4 and SIPROTEC Compact devices with firmware versions earlier than 4.25 has a security vulnerability: crafted packets sent to UDP port 50000 can cause a denial of service (DoS).
<* Source: Victor Nikitin
Link: http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-732541.pdf
*>
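A defender-side check for the condition described above, as an added example that is not part of the advisory or of Siemens' material: it cross-references a relay inventory with flow records and reports UDP port 50000 traffic that reaches a device with firmware earlier than 4.25 from outside a trusted subnet. The inventory layout, the flow-record CSV columns, the "V4.24"-style version strings and the trusted-subnet allowlist are all assumptions, and the sample data is constructed.

```python
import csv
import io
import ipaddress

PATCHED = (4, 25)        # advisory: firmware earlier than 4.25 is affected
EN100_UDP_PORT = 50000   # advisory: crafted packets arrive on UDP port 50000

def parse_version(text):
    """Turn 'V4.24' or '4.25' into a comparable tuple such as (4, 24).
    Assumes dotted major.minor strings with an optional 'V' prefix."""
    return tuple(int(p) for p in text.strip().lstrip("Vv").split("."))

def is_affected(version_text):
    """True when major.minor is below the fixed release 4.25."""
    return parse_version(version_text)[:2] < PATCHED

def exposed_flows(inventory, flows_csv, trusted_net):
    """Return (src, dst, firmware) for UDP/50000 flows that reach an affected
    relay from a source outside the trusted subnet."""
    trusted = ipaddress.ip_network(trusted_net)
    hits = []
    for row in csv.DictReader(io.StringIO(flows_csv)):
        if row["proto"].lower() != "udp" or int(row["dport"]) != EN100_UDP_PORT:
            continue
        firmware = inventory.get(row["dst"])
        if firmware is None or not is_affected(firmware):
            continue  # not a known relay, or already on a fixed release
        if ipaddress.ip_address(row["src"]) not in trusted:
            hits.append((row["src"], row["dst"], firmware))
    return hits

# Constructed sample data (documentation address ranges), not from the advisory.
INVENTORY = {"192.0.2.10": "V4.24", "192.0.2.11": "V4.25", "192.0.2.12": "V4.03"}
FLOWS = """src,dst,proto,dport
198.51.100.7,192.0.2.10,udp,50000
192.0.2.200,192.0.2.10,udp,50000
198.51.100.7,192.0.2.11,udp,50000
198.51.100.9,192.0.2.12,UDP,50000
198.51.100.9,192.0.2.12,tcp,102
"""

if __name__ == "__main__":
    for src, dst, fw in exposed_flows(INVENTORY, FLOWS, "192.0.2.192/26"):
        print(f"ALERT udp/50000 {src} -> {dst} (firmware {fw} < 4.25)")
```

Until the vendor patch is installed, each reported pair is a path over which the affected port is reachable and a candidate for a firewall rule.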
Suggestion:
Vendor patch:
Siemens
-------
Siemens has released a security bulletin (SSA-732541) and patches for this vulnerability:
SSA-732541: Denial-of-Service Vulnerability in SIPROTEC 4
Link: http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-732541.pdf
Patch download:
http://www.siemens.com/downloads/siprotec-compact
http://www.siemens.com/downloads/siprotec-4