ICSA-22-174-03  ·  Published 2022-06-23  ·  Source: CISA ICS-CERT

Secheron SEPCOS Control and Protection Relay

CVSS 9.9 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to obtain full root access to the device in multiple ways. An initial foothold through the S-Web interface software vulnerabilities could give an attacker a level of control over the PLC's functions that only the vendor typically has. This includes the ability to reset the PLC, upload arbitrary files or execute code, and change parameters of protective functions, which can pose a range of availability and safety risks to the power system the PLC is configured to control (depending on the specific implementation). Further exploitation of the underlying PLC misconfigurations can allow an attacker to trivially escalate privileges to OS root through either the S-Web vulnerabilities or the FTP and SSH misconfigurations.

Remediations

  • SEPCOS Single Package firmware (1.23.xx feature level): Update to 1.23.22 or higher version
  • SEPCOS Single Package firmware (1.24.xx feature level): Update to 1.24.8 or higher version
  • SEPCOS Single Package firmware (1.25.xx feature level): Update to 1.25.3 or higher version
  • These versions contain updates that resolve the discovered vulnerabilities for each feature level (SP1.23.xx, SP1.24.xx, and SP1.25.xx).
  • System integrators and asset owners should contact a Secheron representative for further information on how to obtain updates.
  • Configure the network such that PLC communications are strictly limited to only the devices required to perform its functions.
  • Limit remote access and close ports 80 and 443 at the switch level.
  • Only use approved devices to connect to the PLCs. Do not connect personal peripherals (USB sticks, hotspots) to approved devices.
  • Check device logs during periodic maintenance for unauthorized changes or access.
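To turn the firmware guidance above into a fleet check, here is an added example (not code from CISA, Secheron or the advisory) that reads a device inventory and flags every SEPCOS unit still below the fixed version for its feature level. The fixed versions are the ones listed in the Remediations section; the inventory, device names and the "SP" prefix handling are assumptions for the sample.

```python
"""Flag SEPCOS devices whose firmware is below the version fixed in ICSA-22-174-03."""

# Fixed version per feature level, taken from the advisory's Remediations list.
FIXED_BY_FEATURE_LEVEL = {
    (1, 23): (1, 23, 22),
    (1, 24): (1, 24, 8),
    (1, 25): (1, 25, 3),
}


def parse_version(text: str) -> tuple:
    """Parse '1.23.19' or 'SP1.23.19' (assumed inventory formats) into (major, minor, patch)."""
    s = text.strip()
    if s.upper().startswith("SP"):
        s = s[2:]
    parts = s.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised SEPCOS version string: {text!r}")
    return (int(parts[0]), int(parts[1]), int(parts[2]))


def assess(version_text: str) -> str:
    """Return 'patched', 'update-required', or 'unknown-feature-level' for one device."""
    v = parse_version(version_text)
    fixed = FIXED_BY_FEATURE_LEVEL.get(v[:2])
    if fixed is None:
        # Feature level not covered by the advisory: needs a manual check, not a silent pass.
        return "unknown-feature-level"
    return "patched" if v >= fixed else "update-required"


def triage(inventory: dict) -> dict:
    """Group device names by assessment so the update-required list can go to the integrator."""
    out = {"patched": [], "update-required": [], "unknown-feature-level": [], "unparseable": []}
    for device, version_text in inventory.items():
        try:
            out[assess(version_text)].append(device)
        except ValueError:
            out["unparseable"].append(device)
    return out


if __name__ == "__main__":
    # Constructed sample inventory (device name -> firmware string); not real sites or devices.
    sample = {
        "relay-sub1-feeder3": "SP1.23.19",
        "relay-sub1-feeder4": "1.23.22",
        "relay-sub2-feeder1": "1.24.7",
        "relay-sub2-feeder2": "1.25.3",
        "relay-sub3-feeder1": "1.22.5",
        "relay-sub3-feeder2": "n/a",
    }
    for status, devices in triage(sample).items():
        print(f"{status}: {', '.join(devices) or '-'}")
```

A device sitting exactly on the boundary (e.g. 1.23.21) is reported as update-required, following the Remediations versions rather than the Affected Products cut-offs.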

Affected Vendors

Secheron

Affected Products (3)

Secheron · SEPCOS Single Package firmware (1.23.xx feature level) < 1.23.21
Secheron · SEPCOS Single Package firmware (1.24.xx feature level) < 1.24.8
Secheron · SEPCOS Single Package firmware (1.25.xx feature level) < 1.25.3

Affected Sectors

Multiple
