SIPROTEC and SICAM Cyber Security
Cyber Security – Product Update Report November 2019
https://www.siemens.com/gridsecurity
November 2019, Edition 1
SIPROTEC & SICAM Product Security Update Report November 19
Dear customer,
Thank you for choosing our products to address your energy automation needs. This report provides an
overview on the latest security-related product updates released by Siemens for the SIPROTEC and SICAM
range of products, spanning:
Protection, Bay Controller and Fault Recorder
- SIPROTEC 4
- SIPROTEC 5
- SIPROTEC Compact
- Associated engineering and evaluation software
Substation Automation, RTUs and Power Quality
- SICAM Substation Automation
- SICAM A8000 / SICAM RTUs
- SICAM Power Quality and Measurements
- SICAM Accessories
Should you have any questions or need further information in this regard, please contact your Siemens
Partner or our Customer Support Center at [email protected].
Reports Archive
You can retrieve the security update report for the year 2018 here, 2017 here, and for 2016 here.
Unrestricted
Security Updates for SIPROTEC and SICAM Products
Important Updates
Product Updates
November 2019: There were no product releases with security-relevant features in November 2019.
Security Advisories
November 2019: There were no security advisories or related updates released in November 2019.
Microsoft Windows Security Patch Compatibility Reports
The Microsoft Windows Security patch compatibility reports for the SIPROTEC and SICAM family of PC-based
software products can be found under Downloads tab → Software → Security Patch Management at this link:
https://new.siemens.com/global/en/products/energy/energy-automation-and-smart-grid/grid-security/product-security.html
Information related to Security Patch Management Practices
In order to maximize the operational security and availability of critical systems, Siemens strongly
recommends that customers upgrade to supported versions of Microsoft Windows operating systems and
Windows-based Siemens products, and systematically practice security patch management. Siemens
recommends that customers sign up for its patch management and system maintenance services, which enable
customers to receive tailored security patch management recommendations with minimized delays.
SIPROTEC 4 SECURITY UPDATE OVERVIEW

| Product | Jan-19 to Dec-19 | Most recent firmware version with security update |
|---|---|---|
| Overcurrent Protection: SIPROTEC 7SJ61, 7SJ62, 7SJ64 | Advisory, Update | V4.96, March 2019 (click for more information) |
| Overcurrent Protection: SIPROTEC 7SJ66 | | V4.30, March 2018 (click for more information) |
| Distance Protection | No security updates in the past month | Mitigations and workarounds available (click for more information) |
| Line Differential Protection | No security updates in the past month | Mitigations and workarounds available (click for more information) |
| Transformer Protection | No security updates in the past month | Mitigations and workarounds available (click for more information) |
| Busbar Protection | No security updates in the past month | Mitigations and workarounds available (click for more information) |
| Generator Protection | No security updates in the past month | Mitigations and workarounds available (click for more information) |
| High Speed Busbar Transfer | No security updates in the past month | Mitigations and workarounds available (click for more information) |
| Bay Controller | No security updates in the past month | Mitigations and workarounds available (click for more information) |
| V/f-Relays | No security updates in the past month | Mitigations and workarounds available (click for more information) |
| Transient Earth Fault Relay | No security updates in the past month | Mitigations and workarounds available (click for more information) |
| Breaker Failure Protection | No security updates in the past month | Mitigations and workarounds available (click for more information) |
| Breaker Management | No security updates in the past month | Mitigations and workarounds available (click for more information) |
| SIPROTEC 4 – Communication Interfaces: IEC 61850 communication module | Advisory | V4.35, February 2019 (click for more information) |
| SIPROTEC 4 – Communication Interfaces: DNP3 TCP communication module | Advisory | Mitigations and workarounds available (click for more information) |
| SIPROTEC 4 – Communication Interfaces: IEC 104 communication module | Advisory | V1.22, February 2019 (click for more information) |
| SIPROTEC 4 – Communication Interfaces: PROFINET IO communication module | Advisory | Mitigations and workarounds available (click for more information) |
| SIPROTEC 4 – Communication Interfaces: MODBUS TCP communication module | Advisory | Mitigations and workarounds available (click for more information) |
| SIPROTEC 4 – Communication Interfaces: Communication module included in SIPROTEC Merging Unit 6MU80 | | V1.02.02, July 2017 (click for more information) |

March 2019: SIPROTEC 4 Security Updates
In March 2019 we released the firmware version V4.96 for the SIPROTEC 4 7SJ61, 7SJ62 and 7SJ64 protection relay variants to address a security vulnerability. More
information can be found in our security advisory SSA-203306 on our ProductCERT website.
February 2019: SIPROTEC 4 Security Updates
In February 2019 we released the firmware version V4.35 for the EN100 E+/O+ IEC 61850 communication modules with the following security-relevant updates.
Security-relevant Updates
- New feature: SNMPv3 based monitoring of the EN100 hardware and firmware information for asset inventory management purposes
- New feature: digitally signed firmware and signature verification during firmware update
Third-party Software Related Updates
- Mbed TLS version updated to 2.7.0 to address reported vulnerabilities (see here → Mbed TLS release notes)
Security Advisories
- EN100 E+/O+ IEC 61850 Communication Module firmware version V4.35 addresses a security vulnerability. More information, including mitigations and workarounds for EN100 module variants with pending firmware updates, can be found in our security advisory SSA-104088 on our ProductCERT website
- EN100 E+/O+ IEC 104 Communication Module firmware version V1.22 addresses security vulnerabilities reported earlier in our security advisories SSA-635129 and SSA-845879. These advisories with updated information are available on our ProductCERT website
July 2018: SIPROTEC 4 Security Updates
Security Advisory SSA-635129
- EN100 E+/O+ IEC 61850 Communication Module firmware version V4.33 released to address a vulnerability. More information, including mitigations and workarounds for EN100 module variants with pending firmware updates, can be found under: https://cert-portal.siemens.com/productcert/pdf/ssa-635129.pdf
April 2018: SIPROTEC 4 Security Updates
Existing Security Advisories SSA-203306 and SSA-845879 Updated
- EN100 E+/O+ DNP3 TCP Communication Module firmware version V1.04 released to address multiple vulnerabilities. More information can be found under: https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf and https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf
March 2018: SIPROTEC 4 Security Updates
Security Advisories SSA-203306 and SSA-845879
- EN100 E+/O+ IEC 61850 Communication Module firmware version V4.30 released to address multiple vulnerabilities. More information, including mitigations and workarounds for EN100 module variants with pending firmware updates, can be found under: https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf and https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf
- SIPROTEC 4 protection relay firmware is affected by a vulnerability. SIPROTEC 7SJ66 firmware version V4.30 released to address the vulnerability. More information, including mitigations and workarounds for relays with pending firmware updates, can be found under: https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf
October 2017: Security Updates for Products of the SIPROTEC 4 and SIPROTEC Compact Families
Security Advisories
- SSA-323211: An existing security advisory SSA-323211 has been updated to correct the list of vulnerabilities affecting the SIPROTEC 7SJ66 device. More information can be found under: https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-323211.pdf
September 2017: Security Updates for Products of the SIPROTEC 4 and SIPROTEC Compact Families
Security Advisories
- SSA-323211: An existing security advisory SSA-323211 has been updated to inform about the availability of firmware update V1.11.0 to the MODBUS TCP communication protocol variant of our EN100 Ethernet module. More information can be found under: https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-323211.pdf
July 2017: Security Updates for Products of the SIPROTEC 4 and SIPROTEC Compact Families
Security Advisory SSA-323211
- EN100 Ethernet Communication Module DNP3 TCP firmware version: V1.03
- EN100 Ethernet Communication Module IEC 104 firmware version: V1.21
- EN100 Ethernet Communication Module PROFINET IO firmware version: V1.04.01
- EN100 Ethernet Communication Module MODBUS TCP firmware version: V1.10.01
- EN100 Ethernet Communication Module included in SIPROTEC Merging Unit 6MU80: V1.02.02
- SIPROTEC 7SJ66 firmware version: V4.23
Multiple vulnerabilities have been addressed. More information can be found under: https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-323211.pdf
September 2016: IEC 61850 Communication Module Security Update
Security Advisory SSA-630413
- Firmware version: V4.29
Multiple vulnerabilities have been addressed. More information can be found under: https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf
SIPROTEC 5 SECURITY UPDATE OVERVIEW

| Product | Jan-19 to Dec-19 | Most recent firmware version with security-relevant update |
|---|---|---|
| Overcurrent Protection: SIPROTEC 7SJ82, 7SJ85, 7SJ86 | Update, Update | V7.90 July 2019. Click here for details on security-relevant updates |
| Distance Protection: SIPROTEC 7SA82, 7SA86, 7SA87 | Update, Update | V7.90 July 2019. Click here for details on security-relevant updates |
| Line Differential Protection: SIPROTEC 7SD82, 7SD86, 7SD87 | Update, Update | V7.90 July 2019. Click here for details on security-relevant updates |
| Line Differential and Distance Protection: SIPROTEC 7SL82, 7SL86, 7SL87 | Update, Update | V7.90 July 2019. Click here for details on security-relevant updates |
| Breaker Management: SIPROTEC 7VK87 | Update, Update | V7.90 July 2019. Click here for details on security-relevant updates |
| Transformer Protection: SIPROTEC 7UT82, 7UT85, 7UT86, 7UT87 | Update, Update | V7.90 July 2019. Click here for details on security-relevant updates |
| Motor Protection: SIPROTEC 7SK82, 7SK85 | Update, Update | V7.90 July 2019. Click here for details on security-relevant updates |
| Generator Protection: SIPROTEC 7UM85 | Update, Update | V7.90 July 2019. Click here for details on security-relevant updates |
| Busbar Protection: SIPROTEC 7SS85 | Update | V7.84 Feb 2019. Click here for details on security-relevant updates. July 2019: Mitigations and workarounds are available for reported vulnerabilities |
| Bay Controller: SIPROTEC 6MD85, 6MD86 | Update, Update | V7.90 July 2019. Click here for details on security-relevant updates |
| Fault Recorder: SIPROTEC 7KE85 | Update | V7.84 Feb 2019. Click here for details on security-relevant updates. July 2019: Mitigations and workarounds are available for reported vulnerabilities |
| Paralleling Device: SIPROTEC 7VE85 | Update, Update | V7.90 July 2019. Click here for details on security-relevant updates |

July 2019: SIPROTEC 5 Security Updates
In July 2019 we released the version V7.90 for select SIPROTEC 5 device types (see table above) with the following security-relevant updates.
Security-relevant Features
• Customer-authorized DIGSI 5 Instances: Customers can install their own client certificates for their DIGSI 5 installations so that only these instances (and not just any standard DIGSI 5 installation) can communicate with their SIPROTEC 5 IEDs. Customers can use SICAM GridPass or any other X.509 certificate manager to handle the client certificates and associated CA
• RADIUS-based user authentication has been enhanced on the SIPROTEC 5 HMI / front panel with support for numeric ID and passcode
• Dropped support for TLS versions older than V1.2 for DIGSI 5 and web-browser communication
Security Advisory SSA-899560
- SIPROTEC 5 firmware version V7.90 and DIGSI 5 V7.90 releases also address security vulnerabilities. More information, including solutions, mitigations and workarounds, can be found in: https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf
Third-party Software Related Updates
- OpenSSL version updated to 1.0.2r to address reported vulnerabilities (see here → OpenSSL news)
February 2019: SIPROTEC 5 Security Updates
In February 2019 we released the firmware version V7.84 for select SIPROTEC 5 device types (see table above) with the following security-relevant updates.
Security-relevant Updates
- Support for TLS V1.1 and older versions, which had hitherto been retained for backward compatibility with older DIGSI 5 versions, has been dropped in the device’s operational mode (process mode)
- Improvements related to RADIUS-protocol based user authentication on the Ethernet communication modules
- Improvements in the firmware upload workflow when the RBAC function is active
- Improvements related to loading of RBAC related settings to the device
- Improvement related to security event logging functionality in the device
December 2018: SIPROTEC 5 Security Updates
In December 2018 we released the versions V7.82 and V7.58 for select SIPROTEC 5 device types (see table above) with the following security-relevant updates.
Security-relevant Updates
SIPROTEC 5 firmware version V7.82 fixes a defect, which prevented the Ethernet communication modules from establishing connection with the configured RADIUS server(s).
Security Advisory SSA-635129
SIPROTEC 5 firmware version V7.58 release addresses a vulnerability in the mainboard and in the Ethernet communication modules of the CP200 CPU variants of SIPROTEC 5 protection relays. More information: https://cert-portal.siemens.com/productcert/pdf/ssa-635129.pdf
Security Advisory SSA-104088
SIPROTEC 5 firmware version V7.82 release also addresses a vulnerability in the mainboard and in the Ethernet communication modules of SIPROTEC 5 protection relays. More information: https://cert-portal.siemens.com/productcert/pdf/ssa-104088.pdf
July 2018: SIPROTEC 5 Security Updates
In July 2018 we released the version V7.80 for select SIPROTEC 5 device types (see table above) with the following security-relevant updates.
Security-relevant Features
- Role-based Access Control (RBAC) with central user management:
  o Centrally manage user accounts in RADIUS/ActiveDirectory and roles in RADIUS
  o Protection against unauthorized access to device over DIGSI 5, Web, and display panel thanks to the inbuilt RADIUS authentication and authorization option
  o Support for standard roles and rights in adherence to standards and guidelines such as IEC 62351-8, IEEE 1686 and BDEW Whitepaper
  o Emergency access possibility in case of interruption in RADIUS server communication
- Assign write/read permissions at IP-port level:
  o Assign at device port level (Mainboard Port J, Slot F/E/P/N) whether IP-based access of any nature (both engineering as well as process communication) is supported with full access, read-only access, or completely blocked
  o This feature is independent of the RBAC feature for users, and can be defined individually for each device port
- Enhancements to security event logging:
  o RBAC events are logged both inside the device and over Syslog UDP
  o Extended information is provided for events concerning control operations and settings changes
Security Advisory SSA-635129
- SIPROTEC 5 firmware version V7.80 release also addresses a vulnerability in the mainboard and in the Ethernet communication modules. More information, including mitigations and workarounds for SIPROTEC 5 variants with pending firmware updates, can be found under: https://cert-portal.siemens.com/productcert/pdf/ssa-635129.pdf
August 2017: Security-relevant updates in SIPROTEC 5 Firmware V7.50, covering select device types
In August 2017 we released the version V7.50 for select SIPROTEC 5 device types (see table above) with the following security-relevant updates.
Security-relevant Features
- New central logging functionality for security-relevant events and alarms (Syslog support): All security-relevant events and alarms that are recorded in the device-internal security log can also be simultaneously transferred to central syslog servers, in order to facilitate substation-wide aggregation of all security-relevant events in keeping with requirements from standards and guidelines such as IEEE 1686, IEC 62443 and BDEW Whitepaper
Third-party Software Related Updates
- Secure communication between DIGSI 5 and SIPROTEC 5 devices is handled on the device side with the OpenSSL component (https://www.openssl.org/). The OpenSSL version has been updated to 1.0.2K to address multiple reported vulnerabilities: CVE-2017-3731, CVE-2017-3730, CVE-2017-3732, CVE-2016-7055 and others fixed by preceding OpenSSL versions.
July 2016: Security-relevant updates in SIPROTEC 5 Firmware V7.30, covering select device types
In July 2016 we released the version V7.30 for select SIPROTEC 5 device types (see table above) with the following security-relevant updates.
Third-party Software Related Updates
- Applied security fix to Wind River VxWorks to address CVE-2015-3963. Vendor Note: The VxWorks software generates predictable TCP initial sequence numbers that may allow an attacker to predict the TCP initial sequence numbers from previous values, which may allow an attacker to spoof or disrupt TCP connections.
- Secure communication between DIGSI 5 and SIPROTEC 5 devices is handled on the device side with the OpenSSL component (https://www.openssl.org/). The OpenSSL version has been updated to 1.0.2H to address multiple reported vulnerabilities: CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-0703, CVE-2016-0704 and others fixed by preceding OpenSSL versions.
SIPROTEC COMPACT SECURITY UPDATE OVERVIEW

| Product | Jan-19 to Dec-19 | Most recent firmware version with security update |
|---|---|---|
| Overcurrent Protection: SIPROTEC 7SJ80 | | V4.77, March 2018 (click for more information) |
| Motor Protection: SIPROTEC 7SK80 | | V4.77, March 2018 (click for more information) |
| Voltage and Frequency Protection | No security updates in the past month | Mitigations and workarounds available (click for more information) |
| Line Differential Protection: SIPROTEC 7SD80 | | V4.70, May 2018 (click for more information) |
| Feeder Protection | No security updates in the past month | |
| Merging Unit | No security updates in the past month | |
| SIPROTEC Compact – Communication Interfaces: IEC 61850 Communication module | Advisory | V4.35, February 2019 (click for more information) |
| SIPROTEC Compact – Communication Interfaces: DNP3 TCP communication module | Advisory | Mitigations and workarounds available (click for more information) |

February 2019: SIPROTEC Compact Security Updates
Firmware version V4.35 has been released for EN100 E+/O+ IEC 61850 communication module with security updates, and security advisories have been released
and/or updated. Click here for more details.
July 2018: SIPROTEC Compact Security Updates
Security Advisory SSA-635129
- EN100 E+/O+ IEC 61850 Communication Module firmware version V4.33 released to address a vulnerability. More information, including mitigations and workarounds for EN100 module variants with pending firmware updates, can be found under: https://cert-portal.siemens.com/productcert/pdf/ssa-635129.pdf
May 2018: SIPROTEC Compact Security Updates
Security Advisory SSA-203306
- SIPROTEC Compact 7SD80 protection relay firmware version V4.70 released to address a vulnerability. More information can be found under: https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf
Security Advisory SSA-547990
- SIPROTEC Compact 7SD80 protection relay removed from the list of affected products. More information can be found under: https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf
April 2018: SIPROTEC Compact Security Updates
See here for more information.
March 2018: SIPROTEC Compact Security Updates
Security Advisories SSA-203306 and SSA-845879
- EN100 E+/O+ IEC 61850 Communication Module firmware version V4.30 released to address multiple vulnerabilities. More information can be found under: https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf and https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf
- SIPROTEC Compact protection relay firmware is affected by a vulnerability. SIPROTEC Compact 7SJ80 and 7SK80 protection relay firmware version V4.77 released to address the vulnerability. More information, including mitigations and workarounds for relays with pending firmware updates, can be found under: https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf
June 2016: Security-relevant updates in SIPROTEC 7SJ80
Security Advisory SSA-574990
- Firmware version: V4.76
“Information Disclosure” vulnerabilities have been addressed. More information can be found under: https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-547990.pdf
SIPROTEC SOFTWARE SECURITY UPDATE OVERVIEW

| Product | Jan-19 to Dec-19 | Most recent software version with security-relevant update |
|---|---|---|
| DIGSI 5 | Update | V7.90, July 2019. Click here for details on security-relevant updates. |
| DIGSI 4 | | V4.93, Nov 2018. Click here for details on security-relevant updates |
| IEC 61850 System Configurator | | V5.80, June 2018. Click here for more details on security-relevant updates. |
| SIGRA | | V4.58, July 2016. Click here for more details on security-relevant updates. |

July 2019: DIGSI 5 Security Updates
In July 2019 we released the DIGSI 5 software version V7.90 with the following security-relevant updates.
Security-relevant Features
- Role-based Views: Users can only view or operate those functionalities in DIGSI 5 that are permitted for their assigned roles
  o Usage of (existing) central user administration with Microsoft Active Directory (AD) for role-based DIGSI 5 experience
  o Roles and rights correspond to standards and guidelines e.g. IEC 62351, IEEE 1686, BDEW Whitepaper
  o Works together with the RBAC feature in SIPROTEC 5 relays (offline / online transition of role-based views)
  o Users whose Windows accounts are not centrally managed in AD can select their role-based views
- Dropped support for TLS versions older than V1.2 for engineering communication with SIPROTEC 5 relays and Ethernet plugin communication modules
Security Advisory SSA-899560
SIPROTEC 5 firmware version V7.90 and DIGSI 5 V7.90 releases also address security vulnerabilities. More information on solutions, mitigations and workarounds can
be found in: https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf
Nov 2018: DIGSI 4 Security Updates
Security Advisory SSA-159860
DIGSI 4 software version V4.93 addresses a security vulnerability. More information can be found under: https://cert-portal.siemens.com/productcert/pdf/ssa-159860.pdf
June 2018: DIGSI 5 Security Updates
In June 2018 we released the version DIGSI 5 V7.80 with the following security-relevant updates.
Security-relevant Features
- Users can log in to SIPROTEC 5 device over DIGSI 5 with their centrally managed username and password when role-based access control (RBAC) with central user management is activated in the device (new feature in SIPROTEC 5 firmware version V7.80). Once logged in to the device, users are allowed to perform only those operations over DIGSI 5 that are authorized for the role(s) they have been assigned – unauthorized operations are denied by the device
- Configuration of RBAC settings and restricted Ethernet access settings for SIPROTEC 5 devices with firmware V7.80
Security Advisory SSA-159860
DIGSI 5 software version V7.80 addresses a security vulnerability. More information can be found under: https://cert-portal.siemens.com/productcert/pdf/ssa-159860.pdf
June 2018: IEC 61850 System Configurator Security Updates
Security Advisory SSA-159860
IEC 61850 System Configurator software version V5.80 addresses a security vulnerability. More information can be found under: https://cert-portal.siemens.com/productcert/pdf/ssa-159860.pdf
June 2018: DIGSI 4 Security Updates
Security Advisory SSA-159860
- All DIGSI 4 versions are affected by a security vulnerability, for which we are providing workarounds until we release a fix. More information can be found under: https://cert-portal.siemens.com/productcert/pdf/ssa-159860.pdf
March 2018: DIGSI 4 Security Updates
Security Advisory SSA-203306
- DIGSI 4 software version V4.92 released to address multiple vulnerabilities. More information can be found under: https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf
August 2017: Security-relevant updates in DIGSI 5
In August 2017 we released the version DIGSI 5 V7.50 with the following security-relevant updates.
Security-relevant Features
- System-local logging of security-relevant DIGSI 5 engineering events
- Configuration of new central logging functionality for security-relevant events on SIPROTEC 5 devices (Syslog)
Third-party Software Related Updates
- Compatibility with Microsoft Windows 10 operating system
October 2016: Security-relevant updates in IEC 61850 System Configurator
In October 2016 we released the version IEC 61850 System Configurator V5.30 with the following security-relevant updates.
Security-relevant Features
- Digitally signed installation software
Third-party Software Related Updates
- IEC 61850 System Configurator has been designed especially for the following operating systems:
  o Microsoft Windows 8.1 Professional and Enterprise 32- and 64-bit
  o Microsoft Windows 7 Ultimate/Enterprise and Professional 32- and 64-bit with Service Pack 1
  o Microsoft Windows Server 2012 R2 64-bit with Service Pack 1 as workstation computer
  o VMWare support for the following operating systems – Microsoft Windows 7 Ultimate/Enterprise and Professional 32- and 64-bit with Service Pack 1, Microsoft Windows 8.1 64-Bit
July 2016: Security-relevant updates in DIGSI 5
In July 2016 we released the version DIGSI 5 V7.30 with the following security-relevant updates.
Security-relevant Features
- Digitally signed installation software
Third-party Software Related Updates
- DIGSI 5 has been designed especially for the following operating systems:
  o Microsoft Windows 8.1 Enterprise 32- and 64-bit
  o Microsoft Windows 7 Ultimate/Enterprise and Professional 32- and 64-bit with Service Pack 1
  o Microsoft Windows Server 2012 R2 64-bit with Service Pack 1 as workstation computer
  o VMWare support for the following operating systems – Microsoft Windows 7 Ultimate/Enterprise and Professional 32- and 64-bit with Service Pack 1, Microsoft Windows 8.1 64-Bit
July 2016: Security-relevant updates in SIGRA
In July 2016 we released the version SIGRA V4.58 with the following security-relevant updates.
Security-relevant Features
- Digitally signed installation software
Third-party Software Related Updates
- SIGRA has been designed especially for the following operating systems:
  o Microsoft Windows 8.1 Enterprise 32- and 64-bit
  o Microsoft Windows 7 Ultimate/Enterprise and Professional 32- and 64-bit with Service Pack 1
  o Microsoft Windows Server 2008 R2 64-bit as a workstation computer
  o VMWare support for the following operating systems – Microsoft Windows 7 Ultimate/Enterprise and Professional 32- and 64-bit with Service Pack 1
SICAM SUBSTATION AUTOMATION SECURITY UPDATE OVERVIEW

| Product | Jan-19 to Dec-19 | Most recent software/firmware version with security update |
|---|---|---|
| Substation Automation: SICAM PAS | Update | V8.13, May 2019. Click here for more details on security updates |
| HMI and Archiving: SICAM SCC | | V9.02 HF3, Nov 2018. Click here for more details on security updates |
| Security Management: SICAM GridPass | Update, Update | V1.30 September 2019. Click here for more details on security updates |
| Short-Circuit Indicator: SICAM FCG – Fault Collector Gateway | | V1.00, June 2016. Click here for more details on security updates |
| Short-Circuit Indicator: SICAM FSI – Fault Sensor Indicator | | V1.00, June 2016. Click here for more details on security updates |

September 2019: Security related updates in SICAM GridPass V1.30
We released the version SICAM GridPass V1.30 with the following security updates to its certificate management features:
- Import of Entity certificates is now supported – PKCS12 with CA chain, entity certificate and entity private key or PEM with entity certificate
- Additional security events supported (Syslog)
- Released as a 64-bit Windows application
- Further improvements
Third-party Software Related Updates
- OpenSSL version updated to 1.1.1c (see here → OpenSSL 1.1.1 release notes)
- SQLite version updated to version 3.28.0 (see here → SQLite 3.28.0 release notes)
June 2019: Security related updates in SICAM GridPass V1.20
We released the version SICAM GridPass V1.20 with the following security updates to its certificate management features:
- Elliptic Curve Cryptography (ECC) support added for handling automated certificate signing requests over the EST protocol (Enrolment over Secure Transport, RFC 7030)
- TLS 1.3 now supported for securing web browser-based administration
Third-party Software Related Updates
- OpenSSL version updated to 1.1.1b to support TLS 1.3 (see here → OpenSSL 1.1.1 release notes)
May 2019: Security related updates in SICAM PAS V8.13
We released the version SICAM PAS/PQS V8.13 with the following security updates:
- Support for automated digital certificate management using the Enrollment over Secure Transport (EST) protocol (see IEC 62351-9) for securing the following protocols:
  o IEC 61850 Client and Server (TLS 1.2 transport-layer security as per IEC 62351-3 and IEC 62351-4)
  o IEC 60870-5-104 Master and Slave (TLS 1.2 transport-layer security as per IEC 62351-3 and IEC 62351-5)
  o DNP3i Master and Slave (TLS 1.2 transport-layer security as per IEC 62351-3 and IEC 62351-5)
  o This automated certificate management works with any EST server e.g. SICAM GridPass
- The asset information of the SICAM PAS/PQS installation can be monitored over SNMP using Network Management Systems (NMS)
Third-party Software Related Updates
- OpenSSL version updated to 1.0.2r to address reported vulnerabilities (see here → OpenSSL news)
- NTP vulnerability CVE-2019-8936 has been fixed (see here → mitre page)
- Support for Windows 10 version 1809 and Windows Server 2019
- Refer to Open Source Software (OSS) Readme for more details regarding other updates.
Nov 2018: Security related updates in SICAM PAS V8.12
We released the version SICAM PAS/PQS V8.12 with the following security updates.
- The SICAM PAS Secure Communication Add-on is no longer supplied on CD. It is now installed together with SICAM PAS/PQS.
Third-party Software Related Updates
- OpenSSL version updated to 1.0.2p to address reported vulnerabilities (see here → OpenSSL news)
- Refer to Open Source Software (OSS) Readme for more details regarding other updates.
Nov 2018: Security related updates in SICAM SCC V9.02
Security Advisory SSA-159860
SICAM SCC V9.02 HF3 addresses a security vulnerability. More information can be found under: https://cert-portal.siemens.com/productcert/pdf/ssa-159860.pdf
July 2018: Digital Certificate Management Product SICAM GridPass
In July 2018 we released SICAM GridPass V1.00 to ease digital certificate management in substations.
Security-relevant features
- Manage X.509 digital certificates for OT use
- Create or import Certificate Authorities (CA)
- Automated certificate signing and management using EST (enrollment over secure transport) protocol in adherence to IEC 62351-9
- Manual certificate creation and export incl. private key using PKI standards
- Certificate Revocation List (CRL) distribution point service
- Web-based engineering and administration
- Role-based Access Control in adherence to IEC62351-8 with role-based views
- Support for local users and RADIUS-based centrally managed users
- Logging of security-relevant events over Syslog
- Only one installation (software license for 50, 250, 1,000 or 10,000 clients) required in your network
June 2018: Security related updates in SICAM PAS/PQS
In June 2018 we released the version SICAM PAS/PQS V8.11 with the following security updates.
Security-relevant features
- All security event logs e.g. User login, log off, password change etc. can be additionally logged into a central Syslog server using the Syslog UDP protocol
- Syslog parameters IP address, UDP port can be configured using SICAM PAS – User Administration
- Secure Communication Add-on V8.11 updates:
o TLS V1.2 support for secure IEC 60870-5-104 and DNP3i master and slave communication protocols as per IEC 62351 requirements
o Updated secure authentication support for DNP3i master and slave communication protocols to Sav5 as per IEEE 1815-2012. Support for Sav5 authentication statistics counters is included. Backward compatibility to Sav4 is supported.
Security Advisory SSA-159860
- SICAM PAS/PQS V8.11 addresses a security vulnerability. More information can be found under: https://cert-portal.siemens.com/productcert/pdf/ssa-159860.pdf
June 2018: SICAM SCC Security Updates
Security Advisory SSA-159860
- All SICAM SCC versions are affected by a security vulnerability, for which we are providing workarounds until we release a fix. More information can be found under: https://cert-portal.siemens.com/productcert/pdf/ssa-159860.pdf
November 2017: Security related updates in SICAM PAS/PQS
In November 2017 we released the version SICAM PAS/PQS V8.10 with the following security updates.
Third-party Software Related Updates
- Added support for the following operating systems: Windows 10 IoT Enterprise LTSB (64-bit), Windows Server 2016 with Desktop Experience (64-bit)
- OpenSSL version updated to 1.0.2k to address multiple reported vulnerabilities (see here → OpenSSL news)
June 2017: Security related updates in SICAM PAS/PQS
In June 2017 we released the version SICAM PAS/PQS V8.09 with the following security updates.
Security Advisory SSA-946325
- An existing security advisory SSA-946325 has been updated. More information can be found under: https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-946325.pdf
Third-party Software Related Updates
- NTP version updated to V4.2.8p10 to address multiple reported vulnerabilities (see here → NTP notices)
May 2017: Security related updates in SICAM SCC
In May 2017 we released the version SICAM SCC V9.01, based on SIMATIC WinCC 7.4 SP1 with the following security related updates.
Security-relevant features
- SIMATIC WinCC 7.4 SP1 fixes vulnerabilities as reported on our ProductCERT website under advisories: SSA-701708, SSA-156872
- Support for the following operating systems: Windows Server 2016 64-bit (with SIMATIC WinCC 7.4 SP1 as basis), Windows 10 Professional & Enterprise 64-bit, Windows Server 2008 R2 SP1 64-bit, Windows Server 2012 R2 64-bit, Windows 8.1 Professional / Enterprise 32-bit and 64-bit, Windows 7 Professional / Ultimate / Enterprise SP1 32-bit and 64-bit
- Virtualization with VMWare ESXi Server V6.5 (with SIMATIC WinCC 7.4 SP1 as basis)
Third-party Software Related Updates
- NTP version updated to V4.2.8p10 to address multiple reported vulnerabilities (see here → NTP notices)
February 2017: Security related updates in SICAM SCC
In February 2017 we released the version SICAM SCC V9.00 with the following security related updates.
Security-relevant features
- Support for the following operating systems: Windows 10 Professional & Enterprise 64-bit (only with SIMATIC WinCC 7.4 as basis), Windows Server 2008 R2 SP1 64-bit, Windows Server 2012 R2 64-bit, Windows 8.1 Professional / Enterprise 32-bit and 64-bit, Windows 7 Professional / Ultimate / Enterprise SP1 32-bit and 64-bit
- Digitally signed installation files now also available for hotfixes
November 2016: Security related updates in SICAM PAS/PQS
In November 2016 we released the version SICAM PAS/PQS V8.08 with the following security updates.
Security-relevant features
- Three additional roles (according to IEC62351-8) introduced in SICAM PAS/PQS – User Administration
o RBAC manager
o Security administrator
o Security auditor
- Support to export security logs
Security Advisories SSA-946325 and SSA-444217
- SSA-946325: Multiple vulnerabilities have been addressed in a new security advisory SSA-946325. More information can be found under: https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-946325.pdf
- SSA-444217: An existing security advisory SSA-444217 has been updated. More information can be found under: https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-444217.pdf
Third-party Software Related Updates
- OpenSSL version updated to 1.0.2j in the SICAM PAS Secure Communication Addon to address multiple reported vulnerabilities (see here → OpenSSL news)
- 7-Zip version updated to V16.00 to address multiple reported vulnerabilities (see here → more information)
- NTP version updated to V4.2.8p7 to address multiple reported vulnerabilities (see here → NTP notices)
June 2016: Security related updates to SICAM FCG
In June 2016 we released the SICAM FCG – “Fault Collector Gateway” - with firmware version V1.00 with the following security features.
Security-relevant features
- The SICAM FCG’s short-range radio communication interface supports the device parameterization and the transmission of messages and measured values of SICAM FSI devices. The information is transmitted in telegrams in a secured way.
- The SICAM FCG communication to the control center can be executed based on the IEC 60870-5-104 via internet protocol security (IPSec) tunnel and GSM.
- IPSec capabilities:
o Pre-shared key
o IKE v1, v2
o Perfect Forward Secrecy
o Symmetric encryption with AES-256, AES-192, AES-128, 3DES, DES
o Authentication with HMAC-SHA1, HMAC-MD5
o IPSec tunnel supervision by ping
June 2016: Security related updates to SICAM FSI
In June 2016 we released the SICAM FSI – “Fault Sensor Indicator” - with firmware version V1.00 with the following security features.
Security-relevant features
- The SICAM FSI variant 6MD2314-1AB11 transfers earth fault and short circuit related data to a gateway (SICAM FCG) via a secured short-range radio connection.
SICAM A8000 / SICAM RTUs SECURITY UPDATE OVERVIEW
(Table columns: Jan-19 through Dec-19, then "Most recent software/firmware version with security update")
SICAM A8000 CP-8000/21/22
- 2019 month entries: Advisory, Advisory, Update
- Most recent software/firmware version with security update: V15, Oct 2019
SICAM A8000 CP-8050
- 2019 month entries: Advisory, Advisory, Update
- Most recent software/firmware version with security update: V3, Mar 2019
SICAM RTUs – Engineering Software
SICAM AK3
- 2019 month entries: Update
- Most recent software/firmware version with security update: V05, Oct 2019
SICAM RTUs – Communication Interfaces
SM-2558 Ethernet-Interface ETA4
- Most recent software/firmware version with security update: Firmware Revision 08, October 2016
October 2019: Security related updates in SICAM A8000 and SICAM AK3 RTUs
We released the firmware revision V15 of the SICAM A8000 CP8000 RTU with the following security updates.
- Support of SNMP Digital Grid Product Inventory MIB
- Interface status (LINK up/down) can be read for ports X1 and X4 over SNMPv3
- Password policy can be configured
o minimum number of capital letters
o minimum number of small letters
o minimum number of special characters
o minimum number of digits
o minimum password length
Third-party Software Related Updates in SICAM A8000 CP-8000 Firmware V15 and SICAM AK3 Firmware V05
- OpenSSL version updated to 1.0.2r to address multiple reported vulnerabilities (see here → OpenSSL news)
March 2019: Security related updates in SICAM A8000 RTUs
We released the firmware revision V03 of the SICAM A8000 CP8050 RTU with the following security updates.
- Centralized role-based access control (RBAC) with central user management now also supported using LDAP over TLS 1.2 according to IEC 62351-8 PULL model
o Role information is resolved by retrieving the user’s attribute certificate or ID certificate from user account’s LDAP folder (e.g. in Active Directory)
o This option is additional to the existing RADIUS based RBAC support
- Transport-layer security for IEC 61850-MMS communication (server and client) based on IEC 62351-4 and IEC 62351-3 now supported by ETI-5 Ethernet Interface firmware revision 0311
- AES256 encryption support for SNMPv3
- Emergency password (device-local account) can be changed via SNMPv3
- NTP protocol implementation now supports authentication with symmetric keys
- Service forwarding via IPSec tunnel supported
February 2019: Security related updates in SICAM A8000 RTUs
Security Advisory SSA-579309
- The CVSS score of the vulnerability reported in the security advisory has been updated. More information can be found in our security advisory SSA-579309 on our ProductCERT website.
January 2019: Security related updates in SICAM A8000 RTUs
Security Advisory SSA-579309
- A denial-of-service (DoS) vulnerability has been addressed in SICAM A8000 RTUs. More information can be found in our security advisory SSA-579309 on our ProductCERT website.
October 2018: Security related updates in SICAM A8000 CP-8000 / 8021 / 8022
In October 2018 we released the firmware revision V14 for the SICAM A8000 variants CP-8000, CP-8021 and CP-8022 with the following security updates.
Security-relevant updates
- Support for standard IEC 62351-8 roles as part of the improved role-based access control (RBAC) support
- Support for local user management
- Support for factory reset
- Update of certificates and certificate authority with SICAM WEB
- TCP/UDP Port filtering for Ethernet interfaces
- Fix for a denial-of-service vulnerability. More details will be made available in an upcoming security advisory: SSA-579309 on our ProductCERT website.
- Fix for an IP-address issue in CP-8022 for IPSec (IKEv2) after receiving the new IP address of GPRS-Service-Provider
Third-party Software Related Updates
- Update to LIBARCHIVE 3.3.2
June 2018: Security related updates in SICAM A8000 CP-8050
In June 2018 we released the firmware revision V2.00 for the SICAM A8000 CP-8050 with the following security updates.
Security-relevant updates
- Support for automated digital certificate management using the Enrollment over Secure Transport (EST) protocol (see IEC 62351-9):
o The CP-8050 EST client manages the lifecycle of certificates used to secure the IEC 104 master / slave protocol (see IEC 62351-3 and IEC 62351-5) using TLS
o With SICAM GridPass as the EST server
- Support for SNTP
- Support for IEEE 1588 master clock and ordinary clock
- Support of SNMP Digital Grid Product Inventory MIB V1.0
- Support of RSTP with CI-8520 (LAN extension module)
- Disable Ping for each LAN Interface
- Fix for a denial-of-service vulnerability. More details will be made available in an upcoming security advisory: SSA-579309 on our ProductCERT website
February 2018: Security related updates in SICAM A8000 CP-8000 / 8021 / 8022
In February 2018 we released the firmware revision V13 for the SICAM A8000 variants CP-8000, CP-8021 and CP-8022 with the following security updates.
Third-party Software Related Updates
- Update to Expat XML Parser 2.2.5
- Update to SQLite V3.21.0
October 2017: Security related updates in SICAM AK3 RTU
In October 2017 we released the firmware revision 0401 of the SICAM AK3 RTU with the following security updates.
Security-relevant features
- Firmware signature is implemented
- Transport-layer security for IEC60870-5-104 communication (master and slave) based on IEC 60870-5-7, IEC 62351-5 and IEC 62351-3 now supported by ETA-4 Ethernet Interface firmware revision 09:
o up to 4 parallel IEC 104 connections secured
o user certificates are supported
- Support of IPSEC IKEv2 and additional cipher suites:
o AES 192, AES 256
o SHA384
o DH Group 5 and 14
- Following Ciphers are removed from auto-configuration: 3DES, MD5, DH Group 1
- SNMPv3 Enhancements
o AES128 and SHA1/SHA2 support (SHA1, SHA2_224, SHA2_256, SHA2_384, SHA2_512)
o IP address restricted SNMP access
o Retrieval of firmware revision via SNMP with SICAM RTUs SNMP MIB V04.00.00 for asset monitoring
- Security event logging enhancements
o Security logbook – All Syslog Events are written to a security logbook. The security logbook can be downloaded via SICAM Toolbox II
o Syslog Prefix Text – A 32 Byte prefix text can be added to every Syslog message
o Syslog messages can be sent to a 2nd Syslog Server over the ETA-4 Ethernet interface firmware revision 09
Third-party Software Related Updates
- OpenSSL version updated to 1.0.2k to address multiple reported vulnerabilities (see here → OpenSSL news)
June 2017: Security related updates in SICAM A8000 CP-8000/21/22 RTUs
In June 2017 we released the firmware version V12 of the SICAM A8000 CP-8000/21/22 products with the following security updates.
Security-relevant features
- Transport-layer security for IEC60870-5-104 communication (master and slave) based on IEC 60870-5-7, IEC 62351-5 and IEC 62351-3 now supported by ET84 Ethernet Interface firmware revision 05:
o up to 4 parallel IEC 104 connections secured
o user certificates are supported
- Firmware signature check is activated. Only firmware with a valid signature is loaded
- SNMPv3 enhancements
o included authentication protocol: AES128
o included privacy protocols: SHA1, SHA2_224, SHA2_256, SHA2_384, SHA2_512
o Retrieve firmware revision with SICAM RTUs SNMP MIB V04.00.00
- Security event logging
o New Syslog events logged by the inbuilt IEC 104 Whitelist Filter of the ET84 Ethernet interface firmware revision 05
▪ “Data message blocked by system internal WhiteList Filter” – logged upon detection of malformed IEC 104 packets
▪ “Data message in transmit direction blocked by activated WhiteList Filter” – Only defined telegrams (selected by type identification and cause of transmission) will be sent in transmit direction to the remote network with the WhiteList Filter enabled. All undefined telegrams are blocked.
o All Syslog Events are also written to a security logbook. This can be viewed and downloaded via SICAM WEB
o A user-defined 32 Byte prefix text can be added to every Syslog message
- IPSec enhancements
o Remote ID can now be left empty (then the IP address will be used) while the Local ID is parameterized to use FQDN (e.g. “CMIC”)
o Sub network mask for local IP V4 address can have the value 255.255.255.255 to protect a single host network when using IPSec
Third-party Software Related Updates
- OpenSSL version updated to 1.0.2k to address multiple reported vulnerabilities (see here → OpenSSL news)
January 2017: Security related updates in SICAM A8000 CP-8050 RTUs
In January 2017 we released the firmware version V1 of our new RTU product SICAM A8000 CP-8050 with the following security updates.
Security-relevant features
- Role-based access control (RBAC) with support for IEC 62351-8 standard roles in device and in the engineering software SICAM TOOLBOX II
- Support for both device-local user accounts and RADIUS-based central user management
- Secured password storage
- Digitally signed firmware
- Secure factory reset of the device
- Configurable SD card usage
- Onboard firewall with rule generation and editing options
- Onboard IPSec features for end-to-site communication security – up to 8 IPSec VPN tunnels supported
- Security event logging both locally on device and via Syslog protocol – up to 2 configurable Syslog servers supported
- Enable/disable the “Remote operations” feature with process data messages
- BDEW whitepaper security conformance statement available
November 2016: Security related updates in SICAM A8000 CP-8000/21/22 RTUs
In November 2016 we released the firmware version V11 of the SICAM A8000 CP-8000/21/22 products with the following security updates.
Security-relevant features
- TLS 1.2 support for HTTPS
- IPSec enhancements:
o Support for SHA384, DH groups 5 and 14
o Ciphers removed from auto-configuration: 3DES, MD5, DH Group 1
- Digitally signed firmware
- Support for backup RADIUS server
- Syslog messages can be sent to a second Syslog Server
- Enable/disable the “Remote operations” feature with process data messages
Third-party Software Related Updates
- Upgrade to SQLite 3.13.0 to address a reported vulnerability (see here → more information)
- Upgrade to Expat XML Parser 2.2.0 to address multiple reported vulnerabilities (see here → Expat news)
October 2016: Security related updates to SM-2558 Ethernet Interface
Security Advisory SSA-296574
- “Denial of Service” vulnerability has been addressed in the ETA4 firmware Revision 08 for IEC 60870-5-104 communication. More information can be found under: https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-296574.pdf
SICAM POWER QUALITY & MEASUREMENTS
SECURITY UPDATE OVERVIEW
(Table columns: Jan-19 through Dec-19, then "Most recent software/firmware with security update")
Power Meter
- No security updates in the past month
Digital Measurement and Transducer
- No security updates in the past month
Power Quality Recorder
- SICAM Q100: V1.30, October 2018
- SICAM Q200: V2.40, October 2018
Power Quality Applications
- No security updates in the past month
System Software
- SICAM PQS: V8.09, June 2017
- SICAM PQ Analyzer: V3.12, Nov 2018
November 2018: Security related updates to SICAM PQ Analyzer
We released the version SICAM PQ Analyzer V3.12 with the following security updates.
Security-relevant updates
While the SICAM PQ Analyzer is connecting to an archive, the user is authenticated by default. Secure authentication can be disabled to allow access to the archive, for example, if both computers do not belong to the same domain. To disable the secure authentication feature, SICAM PAS/PQS V8.11 HF2 or later must be installed.
Third-party Software Related Updates
- Refer to Open Source Software (OSS) Readme for more details regarding these updates.
October 2018: Security related updates to SICAM Q200
In October 2018 we released the SICAM Q200 – “Multifunctional Power Recorder and Power Analyzer” - with firmware version V2.40 with support for standard roles and rights in adherence to standards and guidelines such as IEC 62351-8, IEEE 1686 and BDEW Whitepaper.
October 2018: Security related updates to SICAM Q100
In October 2018 we released the SICAM Q100 – “Power Quality Recorder” - with firmware version V1.30 for hardware variants /BB and /CC which introduces an HTTPS-secured web interface, as does firmware version V2.00 for hardware variant /DD.
June 2018: Security related updates to SICAM PQ Analyzer
Security Advisory SSA-159860
- SICAM PAS/PQS V3.11 addresses a security vulnerability. More information can be found under: https://cert-portal.siemens.com/productcert/pdf/ssa-159860.pdf
April 2018: Security related updates to SICAM Q200
In April 2018 we released the SICAM Q200 – “Multifunctional Power Recorder and Power Analyzer” - with firmware version V2.20 with the following security features.
Security-relevant features
- New central logging functionality for security-relevant events and alarms (Syslog support): All security-relevant events and alarms that are recorded in the device-internal security log can also be simultaneously transferred to central syslog servers, in order to facilitate substation-wide aggregation of all security-relevant events in adherence to standards and guidelines such as IEEE 1686, IEC 62443 and BDEW Whitepaper
Third-party Software Related Updates
- OpenSSL version updated to 1.0.2n to address multiple reported vulnerabilities (see here → OpenSSL news)
April 2018: Security related updates to SICAM Q100
In April 2018 we released the SICAM Q100 – “Power Quality Recorder” - with firmware version V2.00 with the following security features.
Security-relevant features
- Digitally signed firmware
- Logging of security-relevant events in the password-protected device-internal audit log in adherence to standards and guidelines such as IEEE 1686, IEC 62443 and BDEW Whitepaper
November 2017: Security related updates to SICAM Q200
In November 2017 we released the SICAM Q200 – “Multifunctional Power Recorder and Power Analyzer” - with firmware version V2.10 with the following security features.
Security-relevant features
- HTTPS-secured web interface with TLS 1.2 and TLS 1.1 support
- Digitally signed firmware
- Logging of security-relevant events in the password-protected device-internal audit log
November 2017: Security related updates in SICAM PQ Analyzer
In November 2017 we released the version SICAM PQ Analyzer V3.10 with the following security updates.
Security-relevant updates
- Added support for the following operating systems: Windows 10 IoT Enterprise LTSB (64-bit), Windows Server 2016 with Desktop Experience (64-bit)
June 2017: Security related updates in SICAM PQ Analyzer
In June 2017 we released the version SICAM PQ Analyzer V3.09 with the following security updates.
Security-relevant features
- Secure authentication: User credentials are checked while accessing Archive with SICAM PQ Analyzer or SICAM Collector
Third-party Software Related Updates
- NTP version updated to V4.2.8p10 to address multiple reported vulnerabilities (see here → NTP notices)
November 2016: Security related updates in SICAM PQ Analyzer
In November 2016 we released the version SICAM PQ Analyzer V3.08 with the following security updates.
Security-relevant features
- Syslog Server Support
o User activities on SICAM PQS archives can be logged into Syslog server by configuring Syslog server information in SICAM PQS – User Administration
o User activities on SICAM PQ Collector Archives can be logged into Syslog server by configuring Syslog server information in SICAM PQ Collector
o All user activities on PQS Archive or SICAM PQ Collector archives are logged in Event logs by default
- Three additional roles (according to IEC62351-8) are introduced:
o RBAC manager
o Security administrator
o Security auditor
Third-party Software Related Updates
- Siemens Automation License Manager (ALM) updated to version V5.3 SP3 Update 1 to address multiple reported vulnerabilities (see here → advisory)
- 7-Zip version updated to V16.00 to address multiple reported vulnerabilities (see here → more information)
August 2016: Security related updates to SICAM Q200
In August 2016 we released the SICAM Q200 – “Multifunctional Power Recorder and Power Analyzer” - with firmware version V1.00 with the following security features.
Security-relevant features
- Role-based access control
- SNMPv3 with support for User-based Security Model (USM) as per RFC 3414.
ACCESSORIES SECURITY UPDATE OVERVIEW
(Table columns: Jan-19 through Dec-19, then "Most recent software/firmware with security update")
No security updates in the past month
Published by and copyright © 2019:
Siemens AG
Energy Management Division
Humboldtstr. 59
90459 Nuremberg, Germany
www.siemens.com/siprotec
www.siemens.com/sicam
For more information, please contact your Siemens
Partner or our Customer Support Center.
Phone: +49 180 524 70 00
Fax: +49 180 524 24 71
(Charges depending on the provider)
Email: [email protected]
All rights reserved.
Trademarks mentioned in this document are the
property of Siemens AG, its affiliates, or their respective
owners.
Subject to change without prior notice.
The information in this document contains general
descriptions of the technical options available, which
may not apply in all cases. The required technical
options should therefore be specified in the contract.
For all products using security features of OpenSSL
the following shall apply:
This product includes software developed by the
OpenSSL Project for use in the OpenSSL Toolkit
(www.openssl.org).
This product includes cryptographic software written
by Eric Young ([email protected]).