OTPulse

Siemens SICAM PAS Information Disclosure Vulnerabilities (Update B)

Low Risk | 2.5 | ICS-CERT ICSA-16-182-02B | Apr 3, 2016
Attack Vector: Local
Auth Required: Low
Complexity: High
User Interaction: None needed
Summary

SICAM PAS versions prior to 8.08 contain information disclosure vulnerabilities in how sensitive data such as credentials and configuration parameters are stored and protected. A local user with low privileges can read files that should be restricted due to improper file-level access controls. The vulnerability affects storage of sensitive information (CWE-522) and information exposure (CWE-200).

What this means
What could happen
An attacker with local access and limited user privileges could read sensitive configuration or credential data stored on the SICAM PAS system, potentially exposing information needed for further attacks on the power system.
Who's at risk
Power system operators and engineers using Siemens SICAM PAS (versions prior to 8.08) for power system analysis and protection settings should be aware that local users on the affected servers could potentially access sensitive data. This affects any utility or industrial facility using SICAM PAS for SCADA or protection system engineering and configuration.
How it could be exploited
An attacker with local shell access to the SICAM PAS server could read files that contain stored credentials or sensitive configuration data due to improper access controls on those files. No remote exploitation is possible; the attacker must have local system access first.
Prerequisites
  • Local access to the SICAM PAS server
  • Low-privilege user account on the system
  • High attack complexity (requires specific conditions or timing)
No authentication required for file access once local access gained | Low attack complexity | Affects credentials and sensitive configuration
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
SICAM PAS: <8.08 | <8.08 | No fix (EOL)
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Monitor SICAM PAS server logs for unauthorized file access attempts or unusual account activity
Mitigations - no patch available
SICAM PAS: <8.08 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Restrict local access to SICAM PAS servers to only authorized personnel with legitimate administrative need
HARDENING: Implement operating system-level file permissions and access controls to limit which users can read sensitive configuration files and credential stores
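
One way to check the file-permission control above, as an added example that is not part of the advisory or of any Siemens tooling: a PowerShell audit that lists every file or folder under a directory where a broad built-in group holds an Allow entry granting read access. It assumes the server runs Windows; the -Path value is a placeholder for wherever the installation keeps its configuration and credential files, and the function name Get-BroadReadAce is hypothetical.

```powershell
param(
    # Placeholder: directory that holds the configuration files and credential stores.
    [Parameter(Mandatory)][string]$Path
)

# Well-known SIDs of built-in groups that contain low-privilege local users.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Bits that let a principal read file contents: ReadData plus the generic
# rights that inherit-only entries often carry (GENERIC_READ, GENERIC_ALL).
$readData    = [int][System.Security.AccessControl.FileSystemRights]::ReadData
$genericRead = [int]::MinValue      # 0x80000000
$genericAll  = 0x10000000
$readMask    = $readData -bor $genericRead -bor $genericAll

function Get-BroadReadAce {
    param([string]$Root)
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $item = $_
        # Skip items whose ACL cannot be read with the auditing account.
        try { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop } catch { return }
        # Resolve entries to SIDs so localized group names cannot hide a match.
        $sidType = [System.Security.Principal.SecurityIdentifier]
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            $sid = $ace.IdentityReference.Value
            if ($ace.AccessControlType -eq 'Allow' -and
                $broadSids.ContainsKey($sid) -and
                (([int]$ace.FileSystemRights) -band $readMask)) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Principal = $broadSids[$sid]
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited   # True: fix the parent folder's ACL
                }
            }
        }
    }
}

Get-BroadReadAce -Root $Path | Sort-Object Path | Format-Table -AutoSize -Wrap
```

An empty result means none of the listed groups can read anything under the directory; rows marked Inherited point to a parent folder whose ACL needs tightening rather than the file itself.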