Siemens SICAM GridEdge

Plan PatchCVSS 9.8ICS-CERT ICSA-22-167-08Jun 14, 2022

SiemensEnergy

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Multiple vulnerabilities exist in the SICAM GridEdge web server: missing authentication on critical API functions (CWE-306), lack of cross-origin resource sharing (CORS) restrictions (CWE-346), and exposure of stored credentials (CWE-402). These vulnerabilities allow unauthenticated network access to read sensitive data, modify system configuration, and potentially control grid edge operations. The vulnerabilities affect SICAM GridEdge Classic versions prior to 2.6.6, which includes all Essential variants (ARM, Intel, with/without GDS).

What this means

What could happen

An attacker on the network could access the SICAM GridEdge web interface without credentials and modify critical grid edge configurations or stop operations. The device controls communication between substations and grid management systems, so unauthorized changes could disrupt power distribution or monitoring.

Who's at risk

Energy utilities and grid operators running Siemens SICAM GridEdge devices should be concerned. This device is used at substations and control centers to manage communication between grid edge systems and the central grid management system. Any disruption or unauthorized configuration change could affect power delivery and grid visibility.

How it could be exploited

An attacker sends HTTP requests to the SICAM GridEdge web server (port 8900) directly without authentication. The missing API authentication allows the attacker to call functions that read stored credentials, modify system configuration, or control grid operations. No special tools or credentials are required.

Prerequisites

Network access to port 8900/TCP on the SICAM GridEdge device
No authentication required

remotely exploitableno authentication requiredlow complexityaffects critical grid infrastructurehigh CVSS score (9.8)

Exploitability

Unlikely to be exploited — EPSS score 0.7%

Affected products (1)

ProductAffected VersionsFix Status

SICAM GridEdge (Classic)< 2.6.62.6.6

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDRestrict access to port 8900/TCP to authorized engineering workstations and trusted administrative systems only using firewall rules

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SICAM GridEdge (all variants: Essential ARM, Essential Intel, Essential with GDS ARM, Essential with GDS Intel) to version 2.6.6 or later

Long-term hardening

0/1

HARDENINGSegment the SICAM GridEdge device on a dedicated industrial network separate from the business network and the Internet

CVEs (4)

CVE-2022-30228 CVE-2022-30229 CVE-2022-30230 CVE-2022-30231

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/34807617-ece1-4df6-a9c9-f51642e8b300

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.