OTPulse

Siemens SICAM P850 and SICAM P855

Act Now | CVSS 9.8 | ICS-CERT ICSA-22-132-07 | May 10, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Multiple vulnerabilities exist in the webserver of SICAM P850 and SICAM P855 devices versions prior to 3.00. These include unauthenticated access to web-interface functionality, missing HTTPS encryption, impersonation flaws, and cross-site scripting (XSS) vulnerabilities. The vulnerabilities allow attackers to access sensitive functionality without credentials, intercept communications, and execute arbitrary code in the context of the web interface.

What this means
What could happen
An attacker with network access to the web interface could gain unauthorized access to device functionality, intercept communications, or execute arbitrary code without authentication, potentially allowing them to modify device configuration, disrupt monitoring, or alter control parameters.
Who's at risk
Water and electric utility operators responsible for substation monitoring and control systems that depend on SICAM P850 or P855 devices for situational awareness and asset management. These are critical for Supervisory Control and Data Acquisition (SCADA) and network monitoring in electrical substations and water distribution control centers.
How it could be exploited
An attacker on the network reaches the SICAM P850 or P855 web interface on the standard HTTP port. Because multiple functions lack authentication, the attacker can directly access sensitive functionality. The attacker can also inject malicious scripts into the web interface (XSS) or intercept unencrypted credentials and configuration data if HTTPS is not enforced.
Prerequisites
  • Network reachability to the SICAM P850 or P855 web interface (HTTP port)
  • Device running firmware version prior to 3.00
  • No authentication mechanisms enabled on vulnerable web interface endpoints
  • remotely exploitable
  • no authentication required on vulnerable endpoints
  • low complexity attack
  • high CVSS score (9.8)
  • affects critical infrastructure monitoring and control
Exploitability
Moderate exploit probability (EPSS 2.9%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
SICAM P850 | <V3.00 | 3.00
SICAM P855 | <V3.00 | 3.00
Remediation & Mitigation
Do now
SICAM P850
HARDENING: Restrict network access to SICAM P850 and P855 web interfaces using firewall rules; allow only authorized engineering and monitoring stations
WORKAROUND: Do not access links from untrusted sources while logged in to SICAM P850 or P855 devices
All products
HARDENING: Configure HTTPS enforcement and disable HTTP access to the web interface
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SICAM P850
HOTFIX: Update SICAM P850 to Version 3.0 or later
SICAM P855
HOTFIX: Update SICAM P855 to Version 3.0 or later
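
To track the remediation items above across a fleet, the following added example (not part of the advisory or any Siemens tooling) audits an asset inventory against the affected models, the fixed version and the two hardening actions. The inventory columns, host names and sample rows are constructed assumptions.

```python
import csv
import io
import re

AFFECTED_MODELS = {"SICAM P850", "SICAM P855"}  # products named in the advisory
FIXED_VERSION = (3, 0)                          # versions prior to 3.00 are affected

# Constructed sample inventory; column names are assumptions for this example.
SAMPLE_INVENTORY = """\
host,model,firmware,http_open,mgmt_acl
sub01-pq1,SICAM P850,V2.60,yes,no
sub01-pq2,SICAM P855,V3.00,no,yes
sub02-pq1,SICAM P855,2.50,yes,yes
sub02-rtu,Other RTU,V1.10,yes,no
"""

def parse_version(text):
    """'V2.60', '3.00' or 'v3.0' -> (major, minor); None if unparseable."""
    m = re.fullmatch(r"[Vv]?(\d+)\.(\d+)", text.strip())
    return (int(m.group(1)), int(m.group(2))) if m else None

def audit(inventory_csv):
    """Return {host: [open remediation actions]} for affected models only."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["model"].strip() not in AFFECTED_MODELS:
            continue  # advisory does not cover this product
        actions = []
        version = parse_version(row["firmware"])
        if version is None:
            actions.append("verify firmware version manually")
        elif version < FIXED_VERSION:
            actions.append("update to Version 3.0 or later")
        if row["http_open"] == "yes":
            actions.append("disable HTTP / enforce HTTPS")
        if row["mgmt_acl"] != "yes":
            actions.append("restrict web interface with firewall rules")
        findings[row["host"]] = actions
    return findings

if __name__ == "__main__":
    for host, actions in audit(SAMPLE_INVENTORY).items():
        print(host, "->", "; ".join(actions) or "no open actions")
```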
API: /api/v1/advisories/32b81350-1a07-43a2-87ce-3f40f6d928ca