Siemens SICAM Q100
Act Now | CVSS 9.9 | ICS-CERT ICSA-22-314-11 | Nov 8, 2022
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
SICAM Q100 power meter devices prior to version 2.50 contain multiple vulnerabilities in session handling (CWE-384) and input validation (CWE-20) that could allow an authenticated attacker to hijack user sessions or inject custom code. These vulnerabilities are remotely exploitable with low attack complexity. Siemens has released firmware version 2.50 or later to address these issues. As a temporary mitigation, restrict network access to port 443/tcp to trusted IP addresses only.
What this means
What could happen
An attacker with valid user credentials could hijack a logged-in session or inject malicious code on the SICAM Q100 power meter, potentially allowing remote manipulation of metering data, grid monitoring functions, or underlying system processes.
Who's at risk
Energy sector operators running SICAM Q100 power meters should prioritize this issue. This includes transmission and distribution system operators (TSOs and DSOs), utilities managing secondary metering systems, and any organization relying on SICAM Q100 devices for power grid monitoring or measurement.
How it could be exploited
An attacker with network access to port 443/tcp and valid user credentials could exploit session handling or input validation flaws in the web interface to take over an active user session or inject code. Once authenticated, the attacker could alter device behavior or access sensitive grid telemetry.
Prerequisites
- Network access to port 443/tcp (HTTPS)
- Valid user credentials (username and password)
- An active user session to hijack, or ability to send crafted requests to the web interface
remotely exploitable, low complexity, valid credentials required, critical CVSS (9.9), no publicly known exploit yet
Exploitability
Moderate exploit probability (EPSS 1.8%)
Affected products (1)
Product | Affected Versions | Fix Status
POWER METER SICAM Q100 | <V2.50 | 2.50
Remediation & Mitigation
Do now
- WORKAROUND: Restrict access to port 443/tcp to trusted IP addresses only using firewall rules
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update SICAM Q100 devices to firmware version 2.50 or later
Long-term hardening
- HARDENING: Implement network segmentation and firewalls to isolate SICAM Q100 devices in a protected IT environment
- HARDENING: Review and strengthen resilient protection schemes (redundant secondary protections) for critical power systems