Siemens SICAM PAS Vulnerabilities
Act Now · 9.8 · ICS-CERT ICSA-16-336-01A · Sep 4, 2016
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Siemens SICAM PAS versions prior to 8.09 contain multiple critical vulnerabilities (CWE-257: weak password, CWE-552: path traversal, CWE-20: input validation, CWE-798: hardcoded credentials) that allow unauthenticated remote attackers to achieve full system compromise. The vulnerabilities enable reading and modification of substation data, disruption of protection and monitoring functions, and denial of service.
What this means
What could happen
An attacker could gain full control of the SICAM PAS system, reading or modifying substation data, disrupting power system monitoring and protection functions, or denying access to critical operational data.
Who's at risk
Operators of substation automation and monitoring systems using Siemens SICAM PAS platforms should be concerned. This includes utilities managing power distribution and transmission infrastructure where SICAM PAS serves as a data gateway or protection system interface.
How it could be exploited
An attacker with network access to the SICAM PAS system can send a specially crafted request without credentials to exploit the vulnerability. If successful, the attacker gains remote code execution with full system privileges, allowing arbitrary command execution on the device.
Prerequisites
- Network access to SICAM PAS device on port 80 or applicable service port
- No authentication required for exploit
- Default or weak credentials may be present
remotely exploitable · no authentication required · low complexity · no patch available · affects critical power system monitoring
Exploitability
Moderate exploit probability (EPSS 1.5%)
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| SICAM PAS: <8.09 | <8.09 | No fix (EOL) |
Remediation & Mitigation
Do now
- HARDENING: Isolate SICAM PAS systems from direct internet access; implement strict firewall rules allowing only known administrative workstations to connect to the device
- HARDENING: Change default credentials and enforce strong passwords on all SICAM PAS accounts
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Monitor network traffic to and from SICAM PAS systems for suspicious patterns or unauthorized connection attempts
Mitigations - no patch available
SICAM PAS: <8.09 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Plan evaluation and potential replacement of SICAM PAS systems, as no vendor patch is available and the product is no longer being updated