ICSA-19-038-01 Siemens SICAM A8000 RTU Series
Monitor | 5.3 | ICS-CERT ICSA-19-038-01 | Jan 8, 2019
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The SICAM A8000 RTU series contains an improper error handling vulnerability in the web server that can cause the device to become unresponsive or crash. The vulnerability affects SICAM A8000 CP-8050 versions prior to V2.00, CP-8000 versions prior to V14, and CP-802X versions prior to V14. An attacker with network access to the web server can trigger the condition without requiring authentication.
What this means
What could happen
An attacker could make the RTU unresponsive or crash it by triggering improper error handling in the web server, disrupting remote monitoring and control of power substations or electrical distribution equipment.
Who's at risk
Operators and managers of electrical utilities and power distribution systems using Siemens SICAM A8000 Remote Terminal Units (RTUs) for substation monitoring and control should care about this vulnerability. Affected models include CP-8050, CP-8000, and CP-802X series RTUs used in SCADA and distribution automation systems.
How it could be exploited
An attacker with network access to the RTU's web server (ports 80 or 443) sends a crafted request that triggers unhandled error conditions, causing the device to become unresponsive. No authentication is required.
Prerequisites
- Network access to SICAM A8000 RTU on ports 80/TCP or 443/TCP
- No credentials required
remotely exploitable, no authentication required, low complexity, affects critical electrical infrastructure, affects remote monitoring/control devices
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (3)
3 with fix
| Product | Affected Versions | Fix Status |
|---|---|---|
| SICAM A8000 CP-8050 | <V2.00 | V2.00 or later |
| SICAM A8000 CP-8000 | <V14 | V14 or later |
| SICAM A8000 CP-802X | <V14 | V14 or later |
Remediation & Mitigation
Do now
WORKAROUND: Block external access to RTU web server ports 80/TCP and 443/TCP using firewall rules
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
SICAM A8000 CP-8050
HOTFIX: Update SICAM A8000 CP-8050 to version V2.00 or later
SICAM A8000 CP-8000
HOTFIX: Update SICAM A8000 CP-8000 to version V14 or later
SICAM A8000 CP-802X
HOTFIX: Update SICAM A8000 CP-802X to version V14 or later
Long-term hardening
HARDENING: Ensure RTU is not directly accessible from the Internet; place behind firewall and isolate from business network
HARDENING: Apply Defense-in-Depth strategy for SICAM A8000 deployment
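To apply the affected-version table and the remediation steps above to an asset inventory, the following added example (not part of the advisory or any Siemens tooling) flags rows that still need the update. It assumes firmware strings look like "V2.00" or "V14", that major and minor parts compare numerically, and that "CP-802X" means CP-802 followed by any digit; the inventory rows and the `triage`/`report` names are constructed for illustration.

```python
import re

# Fixed versions taken from the advisory's affected-products table.
# Assumption: "CP-802X" is treated as CP-802 plus any single digit.
FIXED = [
    (re.compile(r"CP-8050"), (2, 0), "V2.00"),
    (re.compile(r"CP-8000"), (14, 0), "V14"),
    (re.compile(r"CP-802\d"), (14, 0), "V14"),
]

def parse_version(text):
    """Parse 'V2.00', 'v14' or '13.20' into (major, minor); None if unparseable."""
    m = re.fullmatch(r"[Vv]?(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        return None
    return int(m.group(1)), int(m.group(2) or 0)

def triage(model, firmware):
    """Return (status, detail) for one inventory row."""
    for pattern, fixed, label in FIXED:
        if pattern.fullmatch(model.strip().upper()):
            ver = parse_version(firmware)
            if ver is None:
                # Do not guess: an unreadable version must be checked by hand.
                return "UNKNOWN", f"cannot parse firmware {firmware!r}; verify manually"
            if ver < fixed:
                return "AFFECTED", (f"update to {label} or later; "
                                    "block 80/TCP and 443/TCP until patched")
            return "FIXED", f"at or above {label}"
    return "NOT_LISTED", "model not listed in ICSA-19-038-01"

# Constructed sample inventory (asset tag, model, firmware); not real devices.
# "CP-9999" is a hypothetical model used to show the not-listed case.
INVENTORY = [
    ("rtu-sub-01", "CP-8050", "V1.90"),
    ("rtu-sub-02", "CP-8050", "V2.00"),
    ("rtu-sub-03", "CP-8000", "V13.20"),
    ("rtu-sub-04", "cp-8022", "v14"),
    ("rtu-sub-05", "CP-8021", "unknown"),
    ("rtu-sub-06", "CP-9999", "V4.00"),
]

def report(inventory):
    """Triage every row; returns a list of (tag, status, detail)."""
    return [(tag, *triage(model, fw)) for tag, model, fw in inventory]

if __name__ == "__main__":
    for tag, status, detail in report(INVENTORY):
        print(f"{tag:12} {status:10} {detail}")
```

Rows reported as UNKNOWN should be treated as affected until the firmware version is confirmed on the device.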
CVEs (1)