IT Security at Sprecher Automation
This site is updated on a regular basis and informs about the latest security topics and the respective products of Sprecher.
For further questions please contact:
info@sprecher-automation.com (general inquiries)
sprecon@sprecher-automation.com (SPRECON inquiries)
News
Security Advisory, Configuration-File Input Validation Vulnerability
Title | Security Advisory, Configuration-File Input Validation Vulnerability |
Date | 14 October 2020 |
Relevance | SPRECON-E: affected, not critical SPRECON-V: not affected |
CVE-Code | CVE-2020-11496 |
Description | With reference to the article published on April 3, 2020, with the title: "Risk assessment of saved SPRECON-E configuration data", security improvements were announced for the SPRECON-E control firmware version 8.64b. Sprecher Automation would like to announce this advisory and declare the missing security improvement in the previous versions as a vulnerability with CVE-2020-11496. Thanks to Gregor Bonney, employee of CyberRange-e at Innogy for the responsible communication and coordination of the publication after the available firmware update 8.64b.
|
Vulnerabilities in Wibu Systems CodeMeter Runtime Software
Title | Vulnerabilities in Wibu Systems CodeMeter Runtime Software |
Date | 10 September 2020 |
Relevance | SPRECON-E: not affected SPRECON-V: affected |
CVE-Code | CVE-2020-14513, 14519, 14509, 14517, 16233, and 14515 |
Description | Sprecher Automation informs about several severe and also critical security vulnerabilities in different versions of the Wibu Systems CodeMeter User Runtime software. For more details, see the attached vulnerability announcement for SPRECON-V460. |
Risk Classification of SPRECON-E Engineering Data
Title | Risk Classification of SPRECON-E Engineering Data |
Date | 3 April 2020 |
Description | Sprecher Automation wants to support its customers in properly estimating the risk associated with engineering data, which shall always be stored securely, taking into account proper measures for logical access control. The configuration of SPRECON-E devices is file-based; i.e. SPRECON-E engineering tools are used to create parameter files that are usually stored on MS Windows based engineering machines. A device engineer who properly authenticates at the devices and has write permission can configure devices by downloading these parameter files via proprietary SPRECON-E engineering tools. An attacker who gains access to these files at rest (i.e. on the office machines that are used for engineering) might change the content of the files by adding malicious commands without the device engineers noticing. If the device engineers then download the manipulated files, the attacker has succeeded in bringing malicious commands to the device. Limitation: A user with access to proprietary SPRECON-E engineering tools needs to compile the final downloadable parameter files (“PDL”), which adds proper checksums to the files so that they are accepted by the devices. In the end, a user has to authenticate at the targeted devices and have proper permissions in order to successfully bring the files to the target. |
Mitigation |
|
Workaround | Sprecher Automation will add additional security mechanisms to the SPRECON device firmware in order to isolate potentially manipulated commands in parameter files. These mechanisms will be available from SPRECON-E Control Firmware 8.64b upwards. |
SPRECON-V460 Editor: Uncontrolled Search Path Vulnerability
Title | SPRECON-V460 Editor: Uncontrolled Search Path Vulnerability |
Date | 12 December 2019 |
Relevance | SPRECON-E: not affected |
CVE Code | CVE-2019-15638 |
Description | The vulnerability is present on all systems with a vulnerable version of the SPRECON-V460 editor installed. Under specific circumstances the SPRECON-V460 editor may load DLL files provided by an attacker from a directory for which no administrator rights are required for writing files, and execute the attacker's code in the context of the user who started the SPRECON-V460 editor, if that user explicitly opens the .wsp6 file from this location. Systems with only the SPRECON-V460 runtime installed are not affected. A CVSS v3 base score of 7.8 has been calculated for this vulnerability, which is identified as CVE-2019-15638. Patches are available from version 7.50. Also, it is recommended that .wsp6 files must not be executed by default via SPRECON-V460 Editor. Additional application whitelisting can also be used to mitigate this vulnerability. For details see the attached vulnerability information. |
Urgent 11 in Wind River VxWorks
Title | Urgent 11 in Wind River VxWorks |
Date | 14 August 2019 |
Relevance | SPRECON-E: not affected |
CVE Code | CVE-2019-12255 to CVE-2019-12265 |
Description | This information is related to current vulnerabilities in Wind River VxWorks RTOS. While SPRECON products do not use VxWorks directly, third-party products might be affected that are usually delivered together with SPRECON in automation systems. The Armis research team, Armis Labs, have discovered 11 zero day vulnerabilities in VxWorks®, the most widely used operating system you may never have heard about. VxWorks is used by over 2 billion devices including critical industrial, medical and enterprise devices. Dubbed “URGENT/11,” the vulnerabilities reside in VxWorks’ TCP/IP stack (IPnet), impacting all versions since version 6.5, and are a rare example of vulnerabilities found to affect the operating system over the last 13 years. Armis has worked closely with Wind River®, the maintainer of VxWorks, and the latest VxWorks 7 released on July 19 contains fixes for all the discovered vulnerabilities. For details see:
|
TCP SACK PANIC: Analysis for SPRECON
Title | TCP SACK PANIC: Analysis for SPRECON |
Date | 30 June 2019 |
Relevance | SPRECON-E: partly affected |
CVE Code | CVE-2019-11477, CVE-2019-11478, CVE-2019-11479 |
Description | Netflix discovered a critical vulnerability based on the combination of TCP Selective Acknowledgement (SACK) and TCP Minimum Segment Size (MSS) in Linux kernels. Sending specific sequences of TCP SACK packets with a low MSS can cause an integer overflow, leading to a kernel panic. Hence, a denial of service can be the consequence, leading to potential unavailability of the device.
|
Security Updates for Meinberg LANTIME Firmware and NTP for Windows
Title | Security Updates for Meinberg LANTIME Firmware and NTP for Windows |
Date | 30. March 2019 |
Relevance | SPRECON-E: not affected |
CVE Code | see Description |
Description | Meinberg published software updates which close NTP as well as OpenSSL vulnerabilities. The NTP vulnerability is listed by NTP as bug "Sec 3565" and classified as MEDIUM. This vulnerability can be used by sending crafted, authenticated mode 6 packets. Hence, an exploit is only possible if the packet is correctly authenticated and stems from a valid source. In the context of SPRECON, this vulnerability is not relevant as authenticated NTP is not in use so far. The addressed OpenSSL vulnerability, CVE-2019-1559, is also classified as Medium. Meinberg does not publish concrete cases or configurations under which the vulnerability can be critical to operators / users. Meinberg recommends updating to the fixed versions. Further details: https://www.meinbergglobal.com/english/sw/mbgsecurityadvisory.htm support.ntp.org/bin/view/Main/SecurityNotice https://nvd.nist.gov/vuln/detail/CVE-2019-1559 |
SPRECON-E: Authenticated path traversal vulnerability
Title | SPRECON-E: Authenticated path traversal vulnerability |
Date | 31. March 2019 |
Relevance | SPRECON-E: affected |
CVE Code | - |
Description | The web interface (“SPRECON Webserver”) of the SPRECON components suffers from a path traversal vulnerability. A user who is authenticated on the web interface can download files with the permissions of the webserver (www-data). Files like "/etc/shadow" are not readable by the webserver; this is due to SPRECON’s defence-in-depth architecture. Limitation:
Solution:
Workaround:
CVSSv2 Base Score: 2.1 |
Vulnerabilities in Wibu Systems WibuKey Software components
Title | Vulnerabilities in Wibu Systems WibuKey Software components |
Date | 26. February 2019 |
Relevance | SPRECON-E: not affected |
CVE Code | - |
Description | The WibuKey software is used for dongle licensing by the SPRECON-V460 editor, SPRECON-V460 runtime, SPRECON-V460 web server, SPRECON-V460 logic runtime, straton runtime, SPRECON-V460 logic workbench and the straton workbench, and for some versions is part of the installation of these software products. SPRECON-V460 versions 8.00 and higher exclusively use the CodeMeter Software from Wibu Systems and are not affected by these vulnerabilities. The SPRECON-V460 Analyzer exclusively uses the CodeMeter Software from Wibu Systems and is not affected by these issues.
Affected Components:
Note: The WibuKey Runtime software and / or WibuKey Dongles may also be used by software products from other vendors
Affected Version:
Patch Availability: Wibu Systems provides an updated version 6.50b – build 3323 of the WibuKey software that addresses the reported vulnerabilities.
Known Issues: The version 6.50 build 3307 of the WibuKey Runtime for Windows software has a known issue with parallel WibuKey dongles. On start-up of the SPRECON-V460 editor or the SPRECON-V460 runtime, an error message appears stating “Licensing failed: Function = WkbSelect2() The specified parameter is invalid (4)”. Acknowledging the error allows a normal start of the application with the license intact.
Mitigation: With versions SPRECON-V460 7.20 and older, the WibuKey Runtime software is installed automatically by the setup procedure, in order to be able to use WibuKey dongles without requiring a manual installation of this software. When the installed product uses either a CodeMeter Dongle or a soft license, the WibuKey Runtime software is not needed and can be uninstalled through the Windows control panel. Uninstalling the WibuKey Runtime software removes the vulnerabilities. When the installed product uses a WibuKey Dongle, uninstalling the WibuKey Runtime software removes the vulnerabilities but also fails to start the product with a valid Dongle License. In this case there is no mitigation and the updated version must be installed. With versions SPRECON-V460 7.50 and 7.60, the WibuKey Runtime software is no longer installed automatically as part of the setup procedure but is delivered together with the installation media. It is therefore possible, that the WibuKey Runtime software has been installed manually at some point but may not, or may no longer, be needed.
General Recommendations: Sprecher Automation generally recommends restricting local physical access to authorized people only. Network access shall be limited to communication that is absolutely required. Using VLANs and firewalls to segment network traffic and create zones and conduits reduces exposure of vulnerable systems and allows access to a WibuKey WkLAN Server to be restricted to only those systems that are in fact using a network dongle. It is recommended that systems hosting a WibuKey WkLAN Server are not facing external networks. Sprecher Automation further recommends using application whitelisting to restrict execution of applications to only those applications that are required for the operation of the system.
Details: see attachment |
Cisco: Overview on potentially relevant vulnerabilities in the past 3 months
Title | Cisco: Overview on potentially relevant vulnerabilities in the past 3 months |
Date | 30. November 2018 |
Relevance | SPRECON-E: not affected |
CVE Code | - |
Description | Cisco published several vulnerabilities for their ASA products:
The vulnerabilities CVE-2018-15397, CVE-2018-15399, CVE-2018-15454, and CVE-2018-15383 could lead to denial of service (DoS) conditions under certain circumstances, while two of them are categorised with criticality "High" by Cisco.
|
Meinberg Security Advisory [MBGSA-1802]
Title | Meinberg Security Advisory [MBGSA-1802] |
Date | 30. November 2018 |
Relevance | SPRECON-E: not affected |
CVE Code | CVE-2018-12327, CVE-2018-7170, CVE-2018-0732 |
Description | Meinberg fixed vulnerabilities both in the used NTP implementation as well as in OpenSSL with a new firmware release.
|
SPRECON-E Kernel Update
Title | SPRECON-E Kernel Update |
Date | 7. August 2018 |
Relevance | SPRECON-E: partly affected |
CVE Code | - |
Description | SPRECON-E: Kernel Update with Firmware 8.59. An update of SPRECON's operating system kernel has been finished. This update of the Linux kernel improves the defence-in-depth strategy of SPRECON-E products. |
Cisco: Overview on potentially relevant vulnerabilities in the past 3 months
Title | Cisco: Overview on potentially relevant vulnerabilities in the past 3 months |
Date | 7. August 2018 |
Relevance | SPRECON-E: not affected |
CVE Code | see description |
Description | Cisco has published multiple vulnerabilities in Cisco ASA products. It is recommended to evaluate which ASA versions are in operation and whether the vulnerabilities are relevant. • Denial-of-Service via Web, CVE-2018-0296. Access Control Flaw in CISCO Industrial Ethernet Switch: Cisco has reported a vulnerability in IE switches. An unauthenticated remote attacker could execute a cross-site request forgery (CSRF) attack via the Device Manager web interface. The vulnerability has been assigned CVSS 8.8 under CVE-2018-0255. Multiple vulnerabilities in CISCO IOS / IOS XE / IOS XR: Multiple partly critical vulnerabilities in CISCO IOS software products have been reported. IOS is used in many device families. Operators of CISCO devices are advised to evaluate whether vulnerable versions of IOS variants are in operation and whether the vulnerabilities are relevant. • IOS/IOS XE DHCP Option 82 Processing Bugs, |
Hirschmann Classic Platform switches: multiple vulnerabilities
Title | Hirschmann Classic Platform switches: multiple vulnerabilities |
Date | 4. August 2018 |
Relevance | SPRECON-E: not affected |
CVE Code | see description |
Description | Vulnerabilities for several Hirschmann switch product lines have been published. These concern:
a) "Session Fixation" vulnerability, CVE-2018-5465, CVSS 3.0 Base Score 8.8
b) "Information Exposure" vulnerability, CVE-2018-5467, CVSS 3.0 Base Score 6.5
c) Cleartext Transmission of Sensitive Information vulnerability, CVE-2018-5471, CVSS 3.0 Base Score 5.9
d) Inadequate Encryption Strength vulnerability, CVE-2018-5461, CVSS 3.0 Base Score 6.5
e) Improper Restriction of Excessive Authentication Attempt vulnerability, CVE-2018-5469, CVSS 3.0 Base Score 9.8
Workaround:
|
SPRECON-V460: Meltdown / Spectre
Title | SPRECON-V460: Meltdown / Spectre |
Date | 12. January 2018 |
Updated | 23. February 2018 |
Relevance | SPRECON-V: partly affected |
CVE Code | CVE-2017-5753, CVE-2017-5715, etc. |
UPDATE 1: | We can confirm that the following updates resolve several issues, caused by the Microsoft Security Update at the beginning of the year 2018.
|
Description | As already published in public media, several CPU chips from renowned manufacturers (Intel, AMD, etc.) are affected. Meltdown and Spectre use vulnerabilities such as faulty kernel-mappings in order to read arbitrary data from memory and disclose sensitive information.
Countermeasures:
|
Cisco ASA Double-Free Memory Error in SSL VPN Lets Remote Users Execute Arbitrary Code on the Target System
Title | Cisco ASA Double-Free Memory Error in SSL VPN Lets Remote Users Execute Arbitrary Code on the Target System |
Date | 8. February 2018 |
Relevance | SPRECON-E: not affected |
CVE Code | CVE-2018-0101 |
Description | A remote user can send specially crafted XML packets to the target webvpn-configured interface to trigger a double-free memory error in the SSL VPN function and execute arbitrary code on the target system. Systems with the webvpn feature enabled are affected.
The following models are affected:
Countermeasures:
|
Cisco ASR 9000 Series Router IOS XR IPv6 Packet Processing Flaw Lets Remote Users Cause the Target System to Reload
Title | Cisco ASR 9000 Series Router IOS XR IPv6 Packet Processing Flaw Lets Remote Users Cause the Target System to Reload |
Date | 8. February 2018 |
Relevance | SPRECON-E: not affected |
CVE Code | CVE-2018-0136 |
Description | A remote user can send specially crafted IPv6 packets with a fragment header extension to or through the target Trident-based line card to cause the line card to reload. Systems with Trident-based line cards that have IPv6 configured are affected. Trident-Based Line Cards:
Countermeasures:
|
SPRECON-E: Meltdown / Spectre
Title | SPRECON-E: Meltdown / Spectre |
Date | 12. January 2018 |
Relevance | SPRECON-E: partly affected |
CVE Code | CVE-2017-5753, CVE-2017-5715 |
Description | As already published in public media, several CPU chips from renowned manufacturers (Intel, AMD, etc.) are affected. One of these affected products is used within SPRECON-E Falcon CPUs (PU244x) on ARM basis. Other SPRECON-E products and CPU families are not affected. However, the resulting risk is marginal for SPRECON devices. The facts are as follows:
[1] https://developer.arm.com/support/security-update Affected Products:
|
Meinberg: Multiple vulnerabilities in web-userinterface
Title | Meinberg: Multiple vulnerabilities in web-userinterface |
Date | 19. December 2017 |
Relevance | SPRECON-E: not affected |
CVE Code | CVE-2017-1678, CVE-2017-16787, CVE-2017-16788 |
Description | The company Meinberg informed about multiple vulnerabilities in its devices' web-userinterface as well as the NTP key generation. For details see the appropriate CVE codes, as well as http://www.ids.de/it-security/it-security-bulletin.html.
LTOS6 firmware versions before 6.24.004, which are used in LANTIME M-Series (M100, M200, M300, M400, M600, M900) as well as all devices of IMS-Series (M500, M1000, M1000S, M3000, M3000S, M4000) as well as SyncFire products (SF1000 / SF1100).
Countermeasures: Meinberg already released firmware version 6.24.004 where these vulnerabilities are fixed. Customers of Meinberg can download it via https://www.meinberg.de/german/sw/firmware.htm |
Cisco ASA Software Direct Authentication Denial of Service Vulnerability
Title | Cisco ASA Software Direct Authentication Denial of Service Vulnerability |
Date | 16. October 2017 |
Relevance | SPRECON-E: not affected |
CVE Code | CVE-2017-12246 |
Description | A vulnerability in the implementation of the direct authentication feature in Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition.
This vulnerability affects Cisco Adaptive Security Appliance (ASA) Software that is running on the following Cisco products:
Countermeasures: Cisco has released free software updates that address the vulnerability. > https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-asa
|
ICS Malware "CRASHOVERRIDE"
Title | ICS Malware "CRASHOVERRIDE" |
Date | 14. June 2017 |
Relevance | SPRECON-V460 |
CVE Code | CVE-2015-5374 |
Description | A well-known security vendor recently discovered malware capable of affecting power grid operations, confirmed by Dragos as the malware used against Ukraine during the late December 2016 power outage. The malware is highly modular, supporting several protocols such as IEC 101, IEC 104, IEC 61850, and OPC Data Access (OPC DA). This malware also contains a data wiping component enabling destructive operations against the local machine, similar to the capability used against Ukraine in 2015.
Categorisation
> BBC News > WIN32/Industroyer: A new threat for industrial control systems > WIN32/Industroyer: Indicators of Compromise > Siemens Security Advisory by Siemens > BSI News
|
Ransom-Malware "WannaCry"
Title | Ransom-Malware "WannaCry" |
Date | 17th May 2017 |
Relevance | SPRECON-V460 Systems |
CVE Code | CVE-2017-0143, CVE-2017-0144, CVE-2017-0147, etc. |
Description | The ransomware WannaCry has been spreading across the internet since 12.5.2017. As ransomware, WannaCry encrypts a set of defined file types on the affected computer's file system. It is highly critical, since it automatically distributes across a company's network infrastructure using several known vulnerabilities in Microsoft Windows. Since May, security patches are also available for older Windows versions such as Windows XP or Windows Server 2003.
> CERT.at: Ransomware/Wurm WannaCry > BSI: Tausende Clouds in Deutschland anfällig für Cyber-Attacken > Microsoft: Customer Guidance for WannaCrypt attacks > Microsoft: How to enable and disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Server
|
Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability
Title | Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability |
Date | 16th May 2017 |
Relevance | SPRECON-E-C/-E-P/-E-T3: not affected SPRECON-V460: not affected |
CVE Code | CVE-2017-3881 |
Description | A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.
|
Notice: Confidential usage of ipsec.cfg configuration files
Title | Notice: Confidential usage of ipsec.cfg configuration files |
Date | 15th May 2017 |
Relevance | Users of IPSec VPN connections with SPRECON-E |
CVE Code | No CVE code, since no vulnerability |
Description | Since firmware version 8.41, users are able to operate IPSec VPN connections with SPRECON control devices. The configuration is done via the Security Editor tool, which offers a user interface for defining IPSec settings. Upon configuration, the user exports the proprietary file ipsec.cfg from this tool. This file can then be imported with the SPRECON Designer in order to integrate it into the process device list (main configuration file), which may then be downloaded to the device.
During IPSec configuration, the authentication of the IPSec participant has to be defined. Depending on the chosen authentication method, either a pre-shared key or a certificate may be used, which in turn contains a private key. The vendor Sprecher Automation advises all users to maintain the confidentiality of these files, since they contain critical information.
Currently, ipsec.cfg files are equipped with a password-based protection mechanism against manipulation, which has been implemented mainly to protect users against unauthorized alteration of the files. This is not strong cryptographic encryption that would ensure confidentiality of those files against potential attacks. In order to support all customers, from SPRECON firmware 8.56 and Security Editor 1.03 a strong encryption will be applied to the ipsec.cfg files, to cryptographically ensure confidentiality and integrity of IPSec configurations.
|
Privilege Escalation in SPRECON-E Service Program
Title | Privilege Escalation in SPRECON-E Service Program |
Date | 21st December 2016 |
Relevance | SPRECON-E-C/-E-P/-E-T3: affected SPRECON-V460: not affected |
CVE Code | CVE-2016-10041 |
Description | Under certain preconditions, it is possible for a non-admin user to execute a telegram simulation. As prerequisites, a user has to open an online connection to the device, validly authenticate and authorise as administrator, and execute telegram simulation. The online connection subsequently has to be closed without closing the program. Faulty caching of client data may then allow a following non-admin user to execute telegram simulation. In order to exploit this vulnerability, a potential attacker would need to have both a valid engineering account in the SPRECON RBAC system as well as access to the service/maintenance computer. Additionally, a valid admin user must have executed telegram simulation and then closed the service connection beforehand without closing the program. Hence, there is no risk from external attackers.
Affected Product: SPRECON-E Service Program 3.42 SP0
Limitation: This vulnerability is only relevant if using role-based access control (RBAC) on SPRECON. RBAC is available since the following product versions:
Solution: Sprecher Automation recommends updating the SPRECON-E Service Program to version 3.43 SP0 or higher. An update of the Service Program can be done independently from device firmware and other related products.
Workaround: If it can be ensured that the Service Program is being closed after each usage by a particular user, there is no risk from this vulnerability. |
Partially critical vulnerabilities in CISCO ASA
Title | Partially critical vulnerabilities in CISCO ASA |
Date | 25th October 2016 |
Relevance | SPRECON-E-C/-E-P/-E-T3: not affected SPRECON-V460: not affected |
CVE Code | CVE-2016-6432 CVE-2016-6431 CVE-2016-6439 |
Description | Cisco closes several, partially critical, vulnerabilities with a new software update.
|
Multiple Vulnerabilities in Siemens SIPROTEC 4 and SIPROTEC Compact
Title | Multiple Vulnerabilities in Siemens SIPROTEC 4 and SIPROTEC Compact |
Date | 6th September 2016 |
Relevance | SPRECON-E-C/-E-P/-E-T3: not affected SPRECON-V460: not affected |
CVE Code | CVE-2016-7112 CVE-2016-7113 CVE-2016-7114 |
Description | The latest firmware update for SIPROTEC 4 and SIPROTEC Compact fixes multiple vulnerabilities, which are classified with CVSS-Scores from 7.8 to 10 according to cvedetails.com. The vulnerabilities exist within the EN100 Ethernet module.
|
Multiple Vulnerabilities in Meinberg NTP-Server
Title | Multiple Vulnerabilities in Meinberg NTP-Server |
Date | 10th August 2016 |
Relevance | SPRECON-E-C/-E-P/-E-T3: not affected SPRECON-V460: not affected |
CVE Code | |
Description | The following products (versions before 6.20.004) have multiple critical security vulnerabilities:
CVE-2016-3962 and CVE-2016-3988 are Buffer-Overflow vulnerabilities in the time-server interface that enable remote-attackers to cause “denial-of-service” and allow the capture of sensitive information or manipulation of data.
|
Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability
Title | Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability |
Date | 11th October 2015 |
Relevance | SPRECON-E-C/-E-P/-E-T3: not affected SPRECON-V460: not affected |
CVE Code | CVE-2016-1287 |
Description | A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and IKE version 2 (v2) code of Cisco ASA Software could allow an unauthenticated remote attacker to cause a reload of the affected system or to execute code. The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. This could allow the attacker to execute arbitrary code and obtain full control of the system or to cause a reload of the affected system. Cisco has released software updates that address the vulnerability.
|
3S CODESYS Runtime Toolkit Null Pointer Dereference Vulnerability
Title | 3S CODESYS Runtime Toolkit Null Pointer Dereference Vulnerability |
Date | 15th October 2015 |
Relevance | SPRECON-E-C/-E-P/-E-T3: not affected SPRECON-V460: not affected |
CVE Code | CVE-2015-6482 |
Description | Tenable Network Security detected a “NULL pointer dereference” security gap in the CODESYS Runtime Toolkit of 3S-Smart Software Solutions GmbH.
This gap allows an attacker to trigger a “denial of service” by causing the crash of the Runtime Toolkit. All CODESYS Runtime Toolkit versions < 2.4.7.48 are affected. |
VxWorks Fuzzing
Title | VxWorks Fuzzing |
Date | 14th September 2015 |
Relevance | SPRECON-E-C/-E-P/-E-T3: not affected SPRECON-V460: not affected |
CVE Code | Not yet classified |
Description | The vulnerability of the widely used real-time embedded operating system VxWorks (versions 5.5 to incl. 6.9.4.1) of Wind River can be identified by Fuzzing.
By using this vulnerability, it is possible to provoke a buffer overflow via the network and then execute any code. Furthermore, the FTP server of the system could be crashed through a specific username and password (demonstrated at the security conference 44CON).
The latest generation – VxWorks version 7 – is not affected. |
#OprahSSL
Title | #OprahSSL |
Date | 6th July 2015 |
Relevance | SPRECON-E-C/-E-P/-E-T3: not affected SPRECON-V460: not affected |
CVE Code | CVE-2015-1793 |
Description | Security gap in OpenSSL, a certificate verification bug: Under certain circumstances, OpenSSL does not verify the CA flag (certificate authority) of a certificate correctly. The CA mechanism, which validates the endpoint services, can be bypassed by the certificate verification bug. This allows the attacker to play the role of the intermediate CA and to sign their own certificates for other websites. The error occurs in the latest OpenSSL versions (first half year 2015) 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o. |
LogJam
Title | LogJam |
Date | 9th June 2015 |
Relevance | SPRECON-E-C/-E-P/-E-T3: not affected SPRECON-V460: not affected |
CVE Code | CVE-2015-4000 |
Description | “LogJam” is a security gap in the Diffie-Hellman crypto protocol for encrypted connections of web, mail, SSH and VPN servers. Due to a weakness of the TLS process (Transport Layer Security), the key size can be reduced to an insecure 512 bits by a man-in-the-middle attack.
This allows HTTPS connections to be shifted to the insecure export mode and compromised. Generally, the 512-bit key size is not used anymore, but some servers still support it for compatibility reasons. |
Corrective actions | For IPsec, set the Diffie-Hellman group to at least DH5 (1,536 bits). |
Ghost
Title | Ghost |
Date | 10th February 2015 |
Relevance | SPRECON-E-C/-E-P/-E-T3: not affected SPRECON-V460: not affected |
CVE Code | CVE-2015-0235 |
Description | “GHOST” is a security gap of the gethostbyname() function (standard C library: Glibc). Under certain circumstances, malware can be executed via malicious DNS-responses.
The gap arose with Glibc 2.2 (11/2000) and has been fixed within version 2.18 (01/2013). |
Schannel (Microsoft® Secure Channel)
Title | Schannel (Microsoft® Secure Channel) |
Date | 17th November 2014 |
Relevance | SPRECON-E-C/-E-P/-E-T3: not affected SPRECON-V460: not affected 3rd-Party: Microsoft® Windows® Server 2003 SP2, Windows® Vista SP2, Windows® Server 2008 SP2 and R2 SP1, Windows® 7 SP1, Windows® 8, Windows® 8.1, Windows® Server 2012 Gold and R2, and Windows® RT Gold and 8.1 |
CVE Code | CVE-2014-6321 |
Description | The crypto component "Microsoft® Secure Channel" is also responsible for encrypted Internet connections. Microsoft® classified this security gap as critical (MS14-066). Through the Schannel security gap attackers can implant manipulated data packages via prepared websites and take over control of the computer. |
Corrective actions |
|
Poodle
Title | Poodle |
Date | 23rd October 2014 |
Relevance | SPRECON-E-C/-E-P/-E-T3: Webserver SPRECON-V460: not affected 3rd-Party: IP camera access via browser (Chrome, Firefox, Internet Explorer,...) |
CVE Code | CVE-2014-3566 |
Description | If server and client of a TLS connection also support the previous versions of the protocol (i.e. due to compatibility reasons), attackers may force a fallback to the older and vulnerable SSLv3 by a MiM (Man in the Middle) attack. Hence it is possible to disclose the session cookie and to take over the connection.
SSLv3 support (which was necessary due to compatibility reasons) will be terminated along with the next version of the SPRECON webserver. |
Corrective actions |
|
SandWorm
Title | SandWorm |
Date | 17th October 2014 |
Relevance | SPRECON-E-C/-E-P/-E-T3: not affected SPRECON-V460: not affected 3rd-Party: Microsoft® applications, i.e. MS Office, all Windows® versions since Vista |
CVE Code | CVE-2014-4114 |
Description | SandWorm affects all Windows® operating systems since Windows® Vista. The security gap has existed for six years and was discovered by the security company iSight in early September 2014.
Through an infected PowerPoint file, the target computer can be compromised in order to place malware and spyware.
On Tuesday, 14th October 2014, Microsoft® released a security update (KB300061) against this gap. |
Bash-security gap: ShellShock
Title | ShellShock |
Date | 29th September 2014 |
Relevance | SPRECON-E-C/-E-P/-E-T3: not affected SPRECON-V460: not affected |
CVE Code | |
Description | Bash, the command-line shell of OS X and Linux, contains a significant security gap. Functions, and therefore malware, can be executed through variables.
Through media reports, “ShellShock” has already gone public, and experts compare it with the “Heartbleed” bug. The security gap was rated by the CVE database of NIST with 10 points (“maximum riskiness”). According to Github, malware attacks have already occurred. |
Overview
IT Security
The challenges of designing future power grids are defined by the integration of all participating producers, consumers and prosumers. The growing density, together with the growing number of grid participants, increases the attack surface of energy networks.
Therefore, approved technological solutions are required that meet the demands of modern information and communication technologies – especially regarding data management and data security.
Security standards
With SPRECON, Sprecher Automation introduces a modular automation platform for power transmission and distribution, which is particularly developed for critical infrastructures such as energy, information & communication technologies, transportation & traffic as well as water supply.
SPRECON systems, as well as all relevant business processes of Sprecher Automation, are ready-prepared to meet the specific future regulations.
SPRECON systems are in accordance with the IT security catalogue (§ 11 Abs. 1a EnWG) of the German Federal Network Agency (Bundesnetzagentur), the BDEW Security Whitepaper as well as the international standards of the ISO/IEC 27000 series (i. e. ISMS), IEC 62351 and IEC 62443.
Security functions
SPRECON devices provide comprehensive functions for secure operation of energy stations:
- Secure communication of process data by VPN tunneling with OpenVPN or IPsec
- Integrated firewall
- Authentication at the end-point as well as password encryption
- Connection to RADIUS/LDAP (Directory Services) as well as local administration for Out-of-Band (OOB) network access
- Secure access for commissioning and service through Role-Based Access Control (RBAC) in the Service Program and Webserver
- System hardening by deactivation of non-required services, ports or webserver as well as through secured connection by Transport Layer Security (TLS)
- Network monitoring (security logging) via Syslog and SNMPv3
- Network segmentation with VPN, VLAN, firewall as well as independent physical interfaces
- Protection against malware due to applied SPRECON firmware as well as Application Whitelisting
SPRECON devices support VPN tunnelling for all IP-based services and protocols. The system provides consistent security and encryption by the CPU.
Together with the integrated modem or any other existing network, SPRECON supports secure IP connections. The high-performance CPUs feature VPN tunnel setup and data encryption either by multi-channel IPsec or OpenVPN. Both technologies are supported, which allows use under specific conditions such as particular platforms, network components or cryptographic requirements.
VPN connections – as usual for various projects – can be used for telecontrol or for communication with SCADA systems and may also be applied to secure communication between SPRECON devices. Full hardening is achieved through encryption of network services such as NTP. Additionally, SPRECON features a firewall which is directly integrated into the firmware and therefore into the devices. This minimises the number of additional devices. The combination with external firewalls increases security in accordance with the Defense-in-Depth principle.
Furthermore, the system allows firewall extensions at application level (Application Firewall) in order to monitor communication via domain-specific protocols such as IEC 60870-5-104 or to block telegrams of unauthorised devices before they can cause a compromise.
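The following added example illustrates the kind of decision an application-level filter for IEC 60870-5-104 makes; it is not SPRECON firmware code and does not describe how the product implements this. The peer addresses, the per-peer policy and the sample frames are constructed, and the field sizes are the standard IEC 104 ones (2-octet cause of transmission, 2-octet common address).

```python
import struct

# Constructed policy (assumed addresses): ASDU type IDs each peer may send.
# 100 = C_IC_NA_1 (general interrogation), 45 = C_SC_NA_1 (single command).
ALLOWED_TYPES = {
    "192.0.2.10": {100, 45},  # control centre
    "192.0.2.20": {100},      # read-only monitoring client
}

def parse_apdu(frame: bytes):
    """Return (format, type_id, cause, common_address) for one IEC 104 APDU."""
    if len(frame) < 6 or frame[0] != 0x68:
        raise ValueError("bad start byte or truncated APCI")
    length = frame[1]                      # octets following the length field
    if not 4 <= length <= 253 or length + 2 != len(frame):
        raise ValueError("length octet does not match frame size")
    cf1 = frame[2]                         # low bits select I, S or U format
    fmt = "I" if cf1 & 0x01 == 0 else ("S" if cf1 & 0x03 == 0x01 else "U")
    if fmt != "I":
        if length != 4:
            raise ValueError("S/U frame must not carry an ASDU")
        return fmt, None, None, None
    if length < 10:                        # 4 control octets + 6-octet ASDU header
        raise ValueError("I-frame too short for an ASDU header")
    type_id, _vsq, cot, _orig, common_addr = struct.unpack_from("<BBBBH", frame, 6)
    return fmt, type_id, cot & 0x3F, common_addr

def decide(src_ip: str, frame: bytes):
    """Return ("PASS" | "DROP", reason) for a frame received from src_ip."""
    allowed = ALLOWED_TYPES.get(src_ip)
    if allowed is None:                    # unknown device: drop before parsing
        return "DROP", "peer not on allow-list"
    try:
        fmt, type_id, _cot, _ca = parse_apdu(frame)
    except ValueError as exc:
        return "DROP", f"malformed APDU: {exc}"
    if fmt != "I":                         # session control, carries no ASDU
        return "PASS", f"{fmt}-format frame"
    if type_id not in allowed:
        return "DROP", f"type {type_id} not permitted for {src_ip}"
    return "PASS", f"type {type_id} permitted"

# Constructed sample frames.
INTERROGATION = bytes.fromhex("680e0000000064010600010000000014")
SINGLE_COMMAND = bytes.fromhex("680e000000002d010600010001000001")
STARTDT_ACT = bytes.fromhex("680407000000")

if __name__ == "__main__":
    for ip, frame in [("192.0.2.10", SINGLE_COMMAND), ("192.0.2.20", SINGLE_COMMAND),
                      ("198.51.100.7", INTERROGATION), ("192.0.2.20", STARTDT_ACT)]:
        print(ip, frame.hex(), *decide(ip, frame))
```

Logging every DROP decision with the peer address and type ID gives the Syslog pipeline an early signal of misconfigured or unauthorised stations.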
SPRECON systems also support the Syslog protocol, which allows system messages to be transferred via the network so that they can be analysed preventively in line with the applicable regulations.
Management of IT Security
For Sprecher Automation, IT security is a continuous corporate process, maintained by designated security administrators.
The production of security directives as well as coding directives for development and system design is based on clear guidelines. In addition, vulnerability management and analysis tools are applied that scan source code and applications against vulnerability databases in order to identify potential weaknesses.
The complete source code is in permanent possession of Sprecher Automation.
System hardening and secure system configuration are achieved by professional and approved routines.
With the experience gained from various reference installations meeting manifold security requirements – including projects with well-known research institutes – as well as through regular staff training, Sprecher Automation demonstrates its competence in this indispensable technology.
Both manufacturing and final testing of the systems are conducted in Sprecher's headquarters in Linz, Austria.
Additionally, Sprecher Automation supports its customers with implementations of Information Security Management Systems (ISMS).
For roll-outs of security-relevant updates, Sprecher Automation operates patch management processes. Furthermore, security problems are communicated via release notes.
Information on current security issues is continually announced at www.sprecher-automation.com under "IT Security".
Guidelines & Recommendations
IT security relevant guidelines and recommendations: