Kaspersky Lab Discovers Important Vulnerability in Popular Energy Equipment

24 Jun 2016
Press Releases

For more info, contact Alex Mednick - This email address is being protected from spambots. You need JavaScript enabled to view it.

While performing a security assessment for one of its clients in the critical infrastructure sector, the Kaspersky Lab Security Services team discovered an important vulnerability. The CVE-2016-4785 vulnerability could allow an attacker to remotely obtain a limited amount of device memory content from relay protection equipment. The vulnerability was reported to Siemens, the equipment vendor, and has already been patched.

kaspersky lab logo 1The vulnerability was discovered in the network module of a Siemens SIPROTEC 4 protection relay – a device that is widely used in the energy sector to protect the grid against short-circuits or critical power loads. A successful attack through this vulnerability would allow an attacker to remotely read some of the device's memory content through the module. This information could be used for further attacks. Siemens has acknowledged the vulnerability and has released an advisory with useful instructions on mitigation and updates. Kaspersky Lab urges any security specialists working for organizations that use this kind of equipment, to pay close attention to the advisory and follow its recommendations.

“Finding vulnerabilities like this is not our primary job, but experience shows us that when we undertake security assessment procedures, it’s almost inevitable that we will find something. The end user of vulnerable products usually has nothing to do with the vulnerability itself, and remains at risk of attack even if other parts of the IT infrastructure are organized and tuned rather well. For these reasons it’s our responsibility to report on every security weakness we find during our day to day work. This is a key part of our contribution to the security community. We would also like to thank ICS CERT for coordinating the disclosure of this vulnerability, and Siemens for its swift reaction to the news,” - said Sergey Gordeychik Deputy CTO, Services at Kaspersky Lab.

The vulnerability was discovered by Pavel Toporkov, senior application security specialist at Kaspersky Lab. During the last 12 months, Kaspersky Lab experts have responsibly disclosed more than 20 vulnerabilities in different hardware and software products: from consumer devices to industrial control systems and vehicle and railway routers.

Finding potential weaknesses in IT or industrial infrastructure is the key benefit of Penetration Testing and Security Assessment services, offered under the Kaspersky Security Intelligence Services umbrella. These services also include a diverse set of products aimed at faster delivery of security expertise to businesses: Security Training, Digital Forensics, Threat Data Feeds and Intelligence reporting. These services help companies to support all key aspects of cyber resilience strategies, including threat prevention and detection, attack response and prediction. More information about Security Intelligence Services can be found at Kaspersky Lab’s website.

 meetup logo new 5
  • 2018 Cleantech Open Acceleration Program

    2018 Cleantech Open Acceleration Program

    The Cleantech Open is ramping up their 2018 acceleration program here in the West. As in each of the past few years, their application deadline is on May 1. Click on the link to find out more about this exciting program. This may be your opportunity to make things happen! Read More
  • Are Cryptocurrencies Such As Bitcoin Sustainable?

    Are Cryptocurrencies Such As Bitcoin Sustainable?

    We are looking into the issue of whether or not cryptocurrencies such as Bitcoin are sustainable. As of this writing, the jury is still out. It is very controversial and many people do not want to touch them with a ten foot pole! Take a look at the presentation which has some good references to start your investigation. Read More
  • Shelkie Tao says -

    Shelkie Tao says - "Turn Your Garden Into A Water Efficient Garden!"

    Contact us to help you save water, get design inspiration for your garden, or connect with a landscaper. We are here to help you get the water efficient garden you have always wanted and need! Read More
  • Water Saver product now available at Home Depot!

    Water Saver product now available at Home Depot!

    Learn about a great product that provides for more efficient usage of water in the landscape. The Water Saver product is now available at Home Depot. Click on the title link above to learn more about the product and where to get it! Read More
  • Advertise In This Space! - Get Your Message To More People - Contact Us For More Information

    Advertise In This Space! - Get Your Message To More People - Contact Us For More Information

  • Santa Clara Agrihood Community Support Needed!

    Santa Clara Agrihood Community Support Needed!

    The Agrihood Project, which is destined to be located right near the corner of Stevens Creek Blvd and Winchester in Santa Clara needs your help to ensure the project proceeds in the right direction! Please read on and get involved! Read More
  • SCVWD WaterFix/Delta Tunnels Workshop on June 21, 2016!

    SCVWD WaterFix/Delta Tunnels Workshop on June 21, 2016!

    This is going to be an important meeting. If you cannot show up to vocalize your opposition to the WaterFix/Delta Tunnels Plan, then you can send in your comments to be read out load. Join us! Read More
  • 1

Our Partners

  • SVTAGS +

    Silicon Valley - Technology, Art, Green and Sustainability Read More
  • Simple Home Energy +

    Energy efficiency does not have to be complicated Read More
  • CSix Connect +

    Networking opportunities for people in transition Read More
  • Cleantech Open +

    Providing cleantech opportunities in business Read More
  • eve - Electric Vehicle Entrepreneurs +

    Bringing eve owners together Read More
  • 1

hap logo

HAP is doing a good job of informing the community on pesticide hazards.
Follow HAP and become involved with eliminating hazardous pesticides.