Siemens SICAM MIC Authentication Bypass Vulnerability
Low RiskICS-CERT ICSA-15-195-01Apr 16, 2015
Summary
SICAM MIC versions prior to V2404 contain an authentication bypass vulnerability (CWE-288) that allows attackers to access the device's configuration and monitoring functions without valid credentials. The advisory does not provide specific technical details on the bypass mechanism. No vendor patch is available for this product.
What this means
What could happen
An attacker could bypass authentication on the SICAM MIC device and gain unauthorized access to its configuration and monitoring functions, potentially allowing them to alter communication settings or disconnect legitimate connections to the substation automation system.
Who's at risk
Utility operators and engineers responsible for substation automation systems using Siemens SICAM MIC devices for grid communication, monitoring, and redundancy management should be concerned with this vulnerability.
How it could be exploited
An attacker with network access to the SICAM MIC's authentication interface could send crafted requests that bypass the authentication check, gaining access to administrative functions without valid credentials. From there, they could reconfigure the device or monitor encrypted communications on the grid network.
Prerequisites
- Network access to SICAM MIC management interface (port/protocol not specified)
- No valid credentials required for initial bypass
remotely exploitableno authentication requiredlow complexityno patch availableaffects critical grid infrastructure
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (1)
ProductAffected VersionsFix Status
SICAM MIC: <V2404.<V2404.No fix (EOL)
Remediation & Mitigation
0/4
Do now
0/2WORKAROUNDDeploy firewall rules to deny all inbound connections to SICAM MIC except from trusted administrative networks
WORKAROUNDDisable remote access to SICAM MIC if not operationally required
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HARDENINGMonitor SICAM MIC authentication logs for failed or unauthorized access attempts
Mitigations - no patch available
0/1SICAM MIC: <V2404. has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGImplement network segmentation to restrict access to SICAM MIC management interface to authorized engineering workstations only
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/f5aa61d3-1994-4722-95c1-2f7dbd12e8ab