Siemens SICAM TOOLBOX II (Update A)
Act Now | 9.9 | ICS-CERT ICSA-22-041-05 | Feb 8, 2022
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
SICAM TOOLBOX II contains a vulnerability that allows an authenticated attacker to bypass access control restrictions. The vulnerability affects all versions of the product. Attackers with valid credentials could circumvent access controls to gain unauthorized access or elevated privileges within the application, potentially allowing modification of critical protection schemes and grid control settings.
What this means
What could happen
An authenticated attacker could bypass access controls in SICAM TOOLBOX II to gain elevated privileges and modify critical power grid protection settings or configurations. This could degrade the reliability of secondary protection schemes that safeguard the power grid.
Who's at risk
Power grid operators (TSOs and DSOs), transmission and distribution utilities, and grid protection engineers who use SICAM TOOLBOX II to configure and manage secondary protection relays and grid protection schemes.
How it could be exploited
An attacker with valid credentials to SICAM TOOLBOX II could exploit the access control vulnerability to escalate privileges or circumvent authentication mechanisms. From there, they could modify protection schemes, relay settings, or grid control parameters that affect power system stability and fault response.
Prerequisites
- Valid credentials (username/password) for SICAM TOOLBOX II
- Network access to the SICAM TOOLBOX II application or server
- User authentication already established or ability to authenticate
Requires valid credentials | Access control bypass | Critical infrastructure impact | Affects power grid protection systems | No patch available
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
SICAM TOOLBOX II | All versions | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Implement network segmentation and firewall rules to restrict access to SICAM TOOLBOX II to authorized engineering workstations only
- HARDENING: Configure VPN or secure remote access controls for any off-site access to SICAM TOOLBOX II
Schedule — requires maintenance window
Patching may require device reboot; plan for process interruption
- HARDENING: Audit user accounts and credentials in SICAM TOOLBOX II; remove unused accounts and enforce strong password policies
- HARDENING: Monitor SICAM TOOLBOX II access logs and configuration changes for signs of unauthorized activity
Mitigations - no patch available
SICAM TOOLBOX II has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
- HARDENING: Review and verify that multi-level redundant secondary protection schemes are in place and properly configured to withstand potential grid disruptions
CVEs (1)