Siemens CPC80 Firmware of SICAM A8000
Plan Patch | 7.5 | ICS-CERT ICSA-22-195-14 | Jul 12, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A vulnerability in CPC80 firmware of SICAM A8000 CP-8000/CP-8021/CP-8022 master modules allows an unauthenticated remote attacker to cause a permanent denial of service condition. A specially crafted request to port 443/tcp triggers a resource leak that crashes the firmware, requiring manual restart. The vulnerability exists in CPC80 firmware versions below 16.30.
What this means
What could happen
An attacker can crash the CP-8000/CP-8021/CP-8022 master module remotely, causing permanent loss of communication and control for the entire SICAM A8000 station until manual restart. This results in loss of situational awareness and inability to control substation equipment.
Who's at risk
This affects water authorities and electric utilities operating Siemens SICAM A8000 substation automation stations equipped with CP-8000 (temperature-rated variants), CP-8021, or CP-8022 master modules. These are communication processors used to manage communications and provide control logic for distribution substations. Impact is direct on substation availability and remote terminal unit (RTU) functionality.
How it could be exploited
An attacker sends a specially crafted request to port 443/tcp (HTTPS) on an affected CP-8000/CP-8021/CP-8022 module without authentication. The malformed input triggers a resource leak that eventually exhausts memory and crashes the firmware, leaving the device unresponsive until physically restarted.
Prerequisites
- Network reachability to port 443/tcp on the affected CP module
- No authentication required
- Device running CPC80 firmware version below 16.30
- Remotely exploitable
- No authentication required
- Low complexity attack
- No patch available for affected versions
- Resource exhaustion leads to permanent denial of service
Exploitability
Low exploit probability (EPSS 0.9%)
Affected products (4)
4 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| CP-8000 MASTER MODULE WITH I/O -25/+70°C | <CPC80 V16.30 | CPC80 v16.30 or later |
| CP-8000 MASTER MODULE WITH I/O -40/+70°C | <CPC80 V16.30 | CPC80 v16.30 or later |
| CP-8022 MASTER MODULE WITH GPRS | <CPC80 V16.30 | CPC80 v16.30 or later |
| CP-8021 MASTER MODULE | <CPC80 V16.30 | CPC80 v16.30 or later |
Remediation & Mitigation
Do now
- WORKAROUND: Restrict network access to port 443/tcp to only trusted engineering workstations and management subnets using firewall rules
- WORKAROUND: Avoid opening untrusted files or configuration uploads from unknown sources on affected products
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update CPC80 firmware to version 16.30 or later on all CP-8000, CP-8021, and CP-8022 modules
Long-term hardening
- HARDENING: Implement network segmentation to isolate SICAM A8000 stations on a dedicated control network separate from general corporate IT
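An inventory triage against the affected-products table and the 16.30 fix threshold, as an added example that is not part of the original advisory or any Siemens tooling. The CSV columns, asset names and sample rows are constructed, and the script assumes firmware strings follow the "CPC80 V16.30" pattern with the dotted components compared as integers.

```python
import csv
import io
import re

FIXED = (16, 30)  # from the advisory: CPC80 V16.30 or later carries the fix
AFFECTED = ("CP-8000", "CP-8021", "CP-8022")  # master modules named in the advisory

# Constructed sample inventory; column names and rows are assumptions.
SAMPLE_INVENTORY = """\
asset,module,firmware
sub-a-rtu1,CP-8000,CPC80 V16.21
sub-a-rtu2,CP-8021,cpc80 v16.04
sub-b-rtu1,CP-8022,CPC80 V16.30
sub-b-rtu2,CP-8021,CPC80 V17.01
sub-c-rtu1,OTHER-RTU,FW 2.1
sub-c-rtu2,CP-8000,unknown
"""

def parse_cpc80(text):
    """Return (major, minor) for a CPC80 version string, or None if unparseable."""
    m = re.search(r"CPC80\s*V?\s*(\d+)\.(\d+)", text, re.IGNORECASE)
    return (int(m.group(1)), int(m.group(2))) if m else None

def triage(inventory_csv):
    """Map asset -> 'vulnerable' | 'fixed' | 'verify' | 'not-applicable'."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if not row["module"].upper().startswith(AFFECTED):
            result[row["asset"]] = "not-applicable"
            continue
        version = parse_cpc80(row["firmware"])
        if version is None:
            result[row["asset"]] = "verify"  # no usable version: check on the device
        elif version < FIXED:                # integer tuple compare, not string compare
            result[row["asset"]] = "vulnerable"
        else:
            result[row["asset"]] = "fixed"
    return result

if __name__ == "__main__":
    for asset, status in triage(SAMPLE_INVENTORY).items():
        print(f"{asset:12} {status}")
```

Assets reported as `vulnerable` or `verify` are the ones to put behind the port 443/tcp access restriction first while the firmware update is scheduled.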
CVEs (1)