Professional Documents
Culture Documents
Cyber Security - Product Update Report: April 2020
Cyber Security - Product Update Report: April 2020
https://www.siemens.com/gridsecurity
Cyber Security - Product Updates
Dear customer,
Thank you for choosing our products to address your energy automation needs. This report provides an
overview on the latest security-related product updates released by Siemens for the SIPROTEC and SICAM
range of products, spanning:
Protection, Bay Controller and Fault Recorder
SIPROTEC 4
SIPROTEC 5
SIPROTEC Compact
Associated engineering and evaluation software
Substation Automation, RTUs and Power Quality
SICAM Substation Automation
SICAM A8000 / SICAM RTUs
SICAM Power Quality and Measurements
Should you have any questions or need further information in this regard, please contact your Siemens
Partner or our Customer Support Center at support.energy@siemens.com.
Reports Archive
You can retrieve the security update report for 2019 here, 2018 here, 2017 here, and for 2016 here.
Important Updates
Product Updates
April 2020: Firmware revision V4.20 released for SICAM A8000 CP-8050 RTUs with security-
relevant updates → click here for details
Security Advisories
April 2020: There were no security advisories or related updates released in April 2020
Jan-20 Feb-20 Mar-20 Apr-20 May-20 Jun-20 Jul-20 Aug-20 Sep-20 Oct-20 Nov-20 Dec-20 Most recent firmware
SIPROTEC 4 version with security
update
SECURITY UPDATE OVERVIEW
Overcurrent Protection
SIPROTEC 7SJ61, 7SJ62, 7SJ64 Advisory Click here for workarounds and
mitigations regarding the most
recent security advisory
SIPROTEC 7SJ66
Distance Protection
Transformer Protection
Busbar Protection
Generator Protection
Bay Controller
V/f-Relays
Breaker Management
Jan-20 Feb-20 Mar-20 Apr-20 May-20 Jun-20 Jul-20 Aug-20 Sep-20 Oct-20 Nov-20 Dec-20 Most recent firmware
SIPROTEC 4 version with security
update
SECURITY UPDATE OVERVIEW
Jan-20 Feb-20 Mar-20 Apr-20 May- Jun-20 Jul-20 Aug- Sep-20 Oct-20 Nov- Dec-20 Most recent firmware
SIPROTEC 5 20 20 20 version with security-
relevant update
SECURITY UPDATE OVERVIEW
Overcurrent Protection
SIPROTEC 7SJ82, 7SJ85, 7SJ86 Update V8.01 January 2020. Click here for
details on security-relevant updates
Distance Protection
SIPROTEC 7SA82, 7SA86, 7SA87 Update V8.01 January 2020. Click here for
details on security-relevant updates
SIPROTEC 7SD82, 7SD86, 7SD87 Update V8.01 January 2020. Click here for
details on security-relevant updates
SIPROTEC 7SL82, 7SL86, 7SL87 Update V8.01 January 2020. Click here for
details on security-relevant updates
Breaker Management
Transformer Protection
SIPROTEC 7UT82, 7UT85, 7UT86, 7UT87 Update V8.01 January 2020. Click here for
details on security-relevant updates
Motor Protection
SIPROTEC 7SK82, 7SK85 Update V8.01 January 2020. Click here for
details on security-relevant updates
Generator Protection
Busbar Protection
Bay Controller
SIPROTEC 6MD85, 6MD86 Update V8.01 January 2020. Click here for
details on security-relevant updates
Fault Recorder
Paralleling Device
SIPROTEC 5 Ethernet plug-in communication modules Update V8.01 January 2020. Click here for
details on security-relevant updates
Security-relevant Features
• New: VLAN support for IP-based protocols on the Ethernet plug-in module ETH-BD-2FO. On a single physical Ethernet port of the ETH-BD-2FO, customers can
now assign separate logical IP addresses that reside in different VLANs. For instance, management and maintenance protocols such as DIGI S 5 engineering,
RADIUS and Syslog can be assigned a logical IP address in the engineering VLAN on the one hand, and the IP-based process communication protocols such as
IEC 61850-MMS can be assigned a logical IP address in another process VLAN, both on the same physical Ethernet port of the ETH-BD-2FO module. This
achieves network segmentation without the need for separate physical wiring of the two different networks and the without the need for two different
communication modules on the SIPROTEC 5 relay.
• New: Certificate management support over the SIPROTEC 5 web browser UI interface. Customers can now assign digital certificates that are signed by their
own CA (certificate authority) to SIPROTEC 5 web server that is accessible over the relay’s Ethernet ports and the USB port. This can be achieved by
downloading certificate signing requests (CSRs) from the SIPROTEC 5 relay over the web browser UI, signing the CSRs with the customer’s CA and then
uploading the signed certificates back into the relay over the web browser UI. The CSR signing can be performed using any standard-based certificate
management software such as SICAM GridPass.
Overcurrent Protection
Motor Protection
No security updates in the past month Advisory Click here for workarounds and
mitigations regarding the most
recent security advisory
Feeder Protection
No security updates in the past month Advisory Click here for workarounds and
mitigations regarding the most
recent security advisory
Jan-20 Feb-20 Mar-20 Apr-20 May- Jun-20 Jul-20 Aug-20 Sep-20 Oct-20 Nov-20 Dec-20 Most recent software
SIPROTEC SOFTWARE 20 version with security-
relevant update
SECURITY UPDATE OVERVIEW
DIGSI 4
SIGRA
Security-relevant Features
- Digitally signed binaries: DIGSI 5 binaries (DLLs and EXEs) installed on the user’s computer bear a digital signature with a certificate issued by a publicly trusted CA.
This enables customers to apply strong application whitelisting on the DIGIS 5 installation using software such as Microsoft Windows Defender Application Control.
Substation Automation
SICAM SCC
Security Management
Short-Circuit Indicator
SICAM A8000 CP-8050 Update V4.20, Apr 2020. Click here for
more details on security updates
SM-2558 Ethernet-Interface
October 2019: Security related updates in SICAM A8000 and SICAM AK3 RTUs
We released the firmware revision V15 of the SICAM A8000 CP8000 RTU with the following security updates.
- Support of SNMP Digital Grid Product Inventory MIB
- Interface status (LINK up/down) can be read for ports X1 and X4 over SNMPv3
- Password policy can be configured
o minimum number of capital letters
Third-party Software Related Updates in SICAM A8000 CP-8000 Firmware V15 and SICAM AK3 Firmware V05
- OpenSSL version updated to 1.0.2r to address multiple reported vulnerabilities (see here → OpenSSL news)
Power Meter
SICAM Q100
System Software
SICAM PQS
SICAM PQ Analyzer
All rights reserved. For all products using security features of OpenSSL
Trademarks mentioned in this document are the the following shall apply:
property of Siemens AG, its affiliates, or their respective This product includes software developed by the
owners. OpenSSL Project for use in the OpenSSL Toolkit
Subject to change without prior notice. (www.openssl.org).
This product includes cryptographic software written
The information in this document contains general by Eric Young (eay@cryptsoft.com).
descriptions of the technical options available, which
may not apply in all cases. The required technical
options should therefore be specified in the contract.
Unrestricted