OTPulse
FeedAboutContact

Siemens SICAM A8000 Devices

Plan Patch7.5ICS-CERT ICSA-23-285-03Oct 10, 2023
Attack VectorNetwork
Auth RequiredLow
ComplexityHigh
User InteractionNone needed
Summary

The web server in CPCI85 firmware of Siemens SICAM A8000 CP-8031 and CP-8050 master modules is affected by a path traversal vulnerability (CWE-22). An authenticated remote attacker could traverse directories on the system, download arbitrary files, and potentially escalate privileges to the administrator role. The vulnerability has high attack complexity and requires valid web server credentials.

What this means
What could happen
An authenticated attacker could download arbitrary files from the SICAM A8000 device and potentially escalate privileges to administrator level, which could allow them to modify device configuration or control settings affecting power system operation.
Who's at risk
Operators of Siemens SICAM A8000 substation automation systems using CP-8031 or CP-8050 master modules should assess their exposure. This affects energy distribution utilities and regional transmission operators that rely on these communication processors for SCADA or protection system networking.
How it could be exploited
An attacker with valid web server credentials can use path traversal (e.g., ../../../) in web requests to bypass directory restrictions and access files outside the intended web root. By downloading the correct configuration or authentication files, they could escalate to administrator privileges and reconfigure the device.
Prerequisites
  • Valid credentials for the integrated web server
  • Network access to the web server port on CP-8031 or CP-8050 module
  • Device running CPCI85 firmware version before V05.11
Remotely exploitableRequires valid credentialsHigh attack complexityNo patch available for affected firmware versionsAffects critical grid infrastructure (substation communication)
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (2)
2 with fix
ProductAffected VersionsFix Status
CP-8050 MASTER MODULE (6MF2805-0AA00)<CPCI85 V05.11CPCI85 V05.11 or later
CP-8031 MASTER MODULE (6MF2803-1AA00)<CPCI85 V05.11CPCI85 V05.11 or later
Remediation & Mitigation
0/4
Do now
0/2
WORKAROUNDRestrict network access to the integrated web server using firewall rules or access control lists
HARDENINGReview and remove unnecessary user accounts from the web server; enforce strong passwords for all remaining accounts
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate CPCI85 firmware to version V05.11 or later on all affected CP-8031 and CP-8050 modules
Long-term hardening
0/1
HARDENINGIsolate SICAM A8000 devices from the business network and internet using network segmentation and firewalls
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/b7af6054-c94c-442f-a478-1e4093ba710c
Siemens SICAM A8000 Devices | CVSS 7.5 - OTPulse