OREANDA-NEWS. Kaspersky Lab announced today the discovery of a critical vulnerability in popular energy equipment provided by Siemens, an equipment vendor, that could allow an attacker to remotely read the device's memory content through the module, gaining access to information that could be used for further attacks.

Siemens has already acknowledged the vulnerability and patched it as well as released an advisory with useful instructions on mitigation and updates. Kaspersky Lab urges any security specialists working for organizations that use this kind of equipment, to pay close attention to the advisory and follow its recommendations.

While performing a security assessment for a client in the critical infrastructure sector, Pavel Toporkov, senior application security specialist on the Kaspersky Lab Security Services team discovered a CVE-2016-4785 vulnerability that was then reported to Siemens to be addressed. The vulnerability was discovered in the network module of a Siemens SIPROTEC 4 protection relay – a device that is widely used in the energy equipment sector to protect the grid against short-circuits or critical power loads.

“Finding vulnerabilities like this is not our primary job but in our experience, when we undertake security assessment procedures, it’s almost inevitable that we will find something” said Sergey Gordeychik Deputy CTO, Services at Kaspersky Lab. “It’s our responsibility to report on every security weakness we find during our day to day work. This is a key part of our contribution to the security community. We would also like to thank ICS CERT for coordinating the disclosure of this vulnerability, and Siemens for its swift reaction to the news.”

During the last 12 months, Kaspersky Lab experts have responsibly disclosed more than 20 vulnerabilities in different hardware and software products: from consumer devices to industrial control systems and vehicle and railway routers.

About Kaspersky Lab

Kaspersky Lab is a global cybersecurity company founded in 1997. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats.