Siemens has patched several vulnerabilities, including authentication bypass and denial-of-service (DoS) flaws, in its SWT 3000 teleprotection devices.
The SWT 3000 teleprotection devices are designed for quickly identifying and isolating faults in high-voltage power grids. This Siemens product is used in the energy sector worldwide.
According to advisories published by both Siemens and ICS-CERT, medium severity vulnerabilities have been found in the EN100 Ethernet module used by SWT 3000 devices running IEC 61850 and TPOP firmware.
The flaws can be exploited to bypass authentication to the web interface and perform administrative operations (CVE-2016-7112, CVE-2016-7114), and cause devices to enter a DoS condition by sending specially crafted packets (CVE-2016-7113).
Flaws related to the product’s web server can be leveraged by a network attacker to obtain sensitive device information (CVE-2016-4784), and data from the device’s memory (CVE-2016-4785).
The security holes have been addressed in IEC 61850 firmware with the release of version 4.29.01. The TPOP firmware is affected by only three of the flaws. These have been fixed with the release of version 01.01.00.
As it’s apparent from the CVE identifiers, these vulnerabilities were actually discovered last year. They were reported to Siemens via ICS-CERT by researchers at HackerDom and Kaspersky Lab.
Siemens and ICS-CERT disclosed CVE-2016-4784 and CVE-2016-4785 in May 2016, when they warned that the flaws had affected SIPROTEC 4 and SIPROTEC Compact devices. An advisory published in September 2016 warned that the same products were also affected by CVE-2016-7112, CVE-2016-7114 and CVE-2016-7113.
In July 2017, Siemens informed customers that all five vulnerabilities also impacted Reyrolle devices, which provide a wide range of integrated protection, control, measurement, and automation functions for electrical substations.
Related: Siemens Patches Flaws in Automation, Power Distribution Products
Related: Serious Flaw Exposes Siemens Industrial Switches to Attacks
Related: Flaw in Siemens RTU Allows Remote Code Execution

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Cybersecurity M&A Roundup: 28 Deals Announced in September 2023
- Companies Address Impact of Exploited Libwebp Vulnerability
- Number of Internet-Exposed ICS Drops Below 100,000: Report
- Unpatched Exim Vulnerabilities Expose Many Mail Servers to Attacks
- Recently Patched TeamCity Vulnerability Exploited to Hack Servers
- CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks
- NIST Publishes Final Version of 800-82r3 OT Security Guide
- Johnson Controls Hit by Ransomware
Latest News
- Dozens of Malicious NPM Packages Steal User, System Data
- Motel One Discloses Ransomware Attack Impacting Customer Data
- Android’s October 2023 Security Updates Patch Two Exploited Vulnerabilities
- Cybersecurity M&A Roundup: 28 Deals Announced in September 2023
- Companies Address Impact of Exploited Libwebp Vulnerability
- Live Exploitation Underscores Urgency to Patch Critical WS-FTP Server Flaw
- European Telecommunications Standards Institute Discloses Data Breach
- Number of Internet-Exposed ICS Drops Below 100,000: Report
