Poor, ill-fated SIEMENS SIPROTEC relays…

The story started 6 years ago.

In July 2015, CISA issued a recommendation on the DoS vulnerability of certain SIEMENS SIPROTEC devices. SIEMENS released a firmware patch. The question is to what extent this has been taken into account by those concerned.

This would be of particular interest to know in the case of the Pivnichna substation 330/110/10 kV in Ukraine. After the attack in Ukraine on 23 December 2015, it was this Ukrainian substation that was the target of a cyber attack on 17 December 2016.

It is little known, but according to the analysis of the attack, the SIEMENS SIPROTEC protection relays at the Pivnichna substation were among the attacker's targets.

Fortunately, the attacker made a coding error, so this attack did not take place. Given this history, it would have been interesting to see what would have happened had the attacker not made a coding error: had the SIEMENS SIPROTEC protection relays in Pivnichna been patched at the time of the attack or not?

All this has become topical because on 14 September CISA issued a recommendation on the vulnerability of SIPROTEC 5 protection relays, among several SIEMENS products. SIEMENS has also issued a patch.

The case is reported in the Industrial Cyber article "Many security vulnerabilities detected in Siemens hardware used in critical infrastructure industry".

Only two questions remain to be answered:

Which companies affected by the current vulnerability will fix the vulnerability and by when?

Will an attacker try to exploit this vulnerability, only this time without making a coding mistake?

What do you think?

We welcome messages either agreeing or disagreeing with the above. For example, a response in a new post could start a substantive professional exchange of views.

Translated by DeepL