OTPulse

Siemens SICAM GridEdge

CVSS 6.3 (Medium) · ICS-CERT ICSA-22-195-02 · Jul 12, 2022
Attack Vector: Network
Auth Required (Privileges Required): Low
Attack Complexity: Low
User Interaction: None needed
Summary

SICAM GridEdge contains an improper access control vulnerability (CWE-552, Files or Directories Accessible to External Parties) that allows an attacker with local access to the host system to inject an SSH key. CVSS 6.3 (Medium). Siemens has released version 2.7.3 for SICAM GridEdge Classic and SICAM GridEdge Essential Intel. SICAM GridEdge Essential ARM variants are end of life and have no fix planned.

What this means
What could happen
An attacker with local access to a SICAM GridEdge device could inject an SSH key into the host and use it to establish persistent, unauthorized SSH access. Because the key is accepted by the device's own SSH service, that access survives reboots and user-session changes, and can lead to remote command execution on energy grid control systems.
Who's at risk
Energy utilities operating SICAM GridEdge devices in grid management, substation automation, or other operational technology environments. Affected: SICAM GridEdge Classic and SICAM GridEdge Essential Intel versions prior to 2.7.3. SICAM GridEdge Essential ARM variants are also affected and currently have no fix planned.
How it could be exploited
An attacker with local access to the host system abuses the improper access control to write an SSH key into a location the SSH service trusts. Once the key is in place, the attacker can authenticate to the device over SSH, locally or remotely depending on network configuration and whether the SSH port is reachable. Note that the advisory's CVSS vector rates Attack Vector as Network, so treat the local-access requirement as a mitigating factor rather than a guarantee that the flaw is unreachable from the network.
Prerequisites
  • Local access to the SICAM GridEdge host system
  • SSH port (22/TCP) reachable by the attacker (network exposure increases risk)
Risk factors
  • Requires local access, which reduces the purely remote risk
  • Low exploitation complexity
  • Only low privileges are required once local access is obtained
  • Affects critical energy infrastructure
  • Some product variants (Essential ARM) have no fix planned
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products
Product | Affected Versions | Fix Status
SICAM GridEdge Classic | < 2.7.3 | Fixed in 2.7.3
SICAM GridEdge Essential Intel | < 2.7.3 | Fixed in 2.7.3
SICAM GridEdge Essential ARM | not stated on this page | No fix planned (end of life)
Remediation & Mitigation

Do now
  • HARDENING: Restrict physical access to SICAM GridEdge devices
  • WORKAROUND: Restrict network access to SSH port 22/TCP to trusted IP addresses only

Schedule (requires maintenance window)
Patching may require a device reboot; plan for process interruption.
  • HOTFIX: Update SICAM GridEdge Essential Intel to version 2.7.3 or later
  • HOTFIX: Update SICAM GridEdge Classic to version 2.7.3 or later

Long-term hardening
  • HARDENING: Isolate SICAM GridEdge devices behind firewalls from business networks and the Internet
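Patching removes the injection path but does not remove a key that was already injected, so after updating (or on the Essential ARM variants that will never get a fix) the check a practitioner wants is an audit of every SSH authorized-keys file on the device against the fingerprints the operator actually provisioned. The script below is an added example for this page, not OTPulse or Siemens code: it assumes the device stores keys in standard OpenSSH authorized_keys format (including the optional leading options field such as `from=` or `command=`), and the sample file, key material and allowlist are constructed for the demonstration. It flags unknown keys and unparseable lines rather than silently skipping them.

```python
"""Audit an OpenSSH authorized_keys file against an allowlist of key
fingerprints and report any key the operator did not provision.

Added example for this advisory page; it is not OTPulse or Siemens code.
It assumes the device keeps SSH keys in standard OpenSSH authorized_keys
format. The sample file, the key material and the allowlist below are
constructed for the demonstration.
"""
import base64
import hashlib
import struct

# Key types OpenSSH accepts in authorized_keys (subset sufficient for the demo).
KEY_TYPES = (
    "ssh-ed25519", "ssh-rsa",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
    "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com",
)


def _ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length prefix + bytes."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_blob(raw_pub: bytes) -> str:
    """Build the base64 blob of an ssh-ed25519 key from 32 raw bytes.
    Only used here to construct test data; real keys come from ssh-keygen."""
    if len(raw_pub) != 32:
        raise ValueError("ed25519 public key is 32 bytes")
    return base64.b64encode(_ssh_string(b"ssh-ed25519") + _ssh_string(raw_pub)).decode()


def fingerprint(b64_blob: str) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of sha256(blob),
    the same string `ssh-keygen -lf` prints for the key."""
    digest = hashlib.sha256(base64.b64decode(b64_blob, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def _split_options(line: str):
    """Split a leading options field (which may contain quoted spaces, e.g.
    command="/bin/foo bar") from the rest of the line."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quote = not in_quote
        elif ch.isspace() and not in_quote:
            return line[:i], line[i:].lstrip()
    return line, ""


def parse_authorized_keys(text: str):
    """Yield one dict per non-blank, non-comment line. Malformed lines are
    yielded with an 'error' key so the auditor can flag them too."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        options = ""
        if line.split(None, 1)[0] not in KEY_TYPES:
            options, line = _split_options(line)
        parts = line.split(None, 2)
        if len(parts) < 2 or parts[0] not in KEY_TYPES:
            yield {"line": lineno, "error": f"unparseable entry: {raw!r}"}
            continue
        yield {
            "line": lineno, "options": options, "type": parts[0],
            "blob": parts[1], "comment": parts[2] if len(parts) == 3 else "",
        }


def audit(text: str, allowed_fingerprints: set) -> list:
    """Return findings: every key whose fingerprint is not on the allowlist,
    plus every line that could not be parsed or decoded."""
    findings = []
    for entry in parse_authorized_keys(text):
        if "error" in entry:
            findings.append(entry)
            continue
        try:
            fp = fingerprint(entry["blob"])
        except ValueError:  # binascii.Error is a ValueError subclass
            findings.append({"line": entry["line"], "error": "key blob is not valid base64"})
            continue
        if fp not in allowed_fingerprints:
            findings.append({
                "line": entry["line"], "type": entry["type"], "fingerprint": fp,
                "options": entry["options"], "comment": entry["comment"],
                "error": "key not in allowlist",
            })
    return findings


# --- constructed sample data (not from a real device) ---------------------
PROVISIONED = make_ed25519_blob(bytes(range(32)))      # key the operator installed
INJECTED = make_ed25519_blob(bytes(range(32, 64)))     # key an intruder dropped in
SAMPLE_AUTHORIZED_KEYS = f"""# maintenance access (constructed sample)
ssh-ed25519 {PROVISIONED} maint@utility

from="10.20.30.0/24",no-pty ssh-ed25519 {INJECTED} backup
ssh-rsa not!base64 stray
"""
ALLOWLIST = {fingerprint(PROVISIONED)}

if __name__ == "__main__":
    for f in audit(SAMPLE_AUTHORIZED_KEYS, ALLOWLIST):
        extra = f" ({f['fingerprint']} {f['comment']})" if "fingerprint" in f else ""
        print(f"line {f['line']}: {f['error']}{extra}")
```

Run it against the authorized_keys files of every account on the device (root and any service or maintenance accounts), with the allowlist populated from the fingerprints your key-management records say were provisioned; comparing fingerprints rather than raw key text means a renamed comment or added options field cannot hide a key you did not install.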