Siemens SICAM Products
Plan Patch | 7.8 | ICS-CERT ICSA-24-137-02 | May 14, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Multiple SICAM products contain vulnerabilities that could lead to privilege escalation, remote code execution, or information loss. Affected products include CPC80 Central Processing/Communication (used in CP-8000/CP-8021/CP-8022), CPCI85 Central Processing/Communication (CP-8031/CP-8050), OPUPI0 AMQP/MQTT (CP-8031/CP-8050), and SICORE Base system (SICAM 8 Software Solution). These vulnerabilities relate to improper input validation and command injection (CWE-170, CWE-77, CWE-312).
What this means
What could happen
An attacker with local access to a SICAM device could escalate privileges, execute arbitrary commands, or access sensitive configuration and operational data. This could allow manipulation of process setpoints, disruption of communications between substations or control centers, or theft of grid configuration details.
Who's at risk
Siemens SICAM product users operating distribution automation and substation control systems should prioritize assessment and patching. The CPC80 module affects CP-8000/CP-8021/CP-8022 communication processors; CPCI85 and OPUPI0 affect CP-8031/CP-8050 processors used in SICAM A8000 and EGS systems; SICORE affects SICAM 8 software-based control systems. These are typically deployed in substations, remote terminal units (RTUs), or control centers in electric utilities and water authorities for SCADA and distribution automation.
How it could be exploited
An attacker with local access to the device (via physical connection, compromised engineering workstation, or local service account) could exploit improper input validation or command injection flaws to escalate privileges and execute arbitrary commands with system-level access. If the device is connected to a network, remote exploitation is possible if the attacker can reach the device through an internal network boundary.
Prerequisites
- Local or network access to the vulnerable SICAM device
- Device must be running affected firmware versions (CPC80 <V16.41, CPCI85 <V5.30, OPUPI0 <V5.30, SICORE <V1.3.0)
- No specific authentication credentials required per advisory
- Local access required but could escalate to remote via network
- Low EPSS score (0.6%) but CWE-77 indicates command injection risk
- No patch required for workaround deployment (network isolation)
- Affects control system devices with operational impact if compromised
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (4)
4 with fix
| Product | Affected Versions | Fix Status |
|---|---|---|
| CPC80 Central Processing/Communication | <V16.41 | 16.41 |
| CPCI85 Central Processing/Communication | <V5.30 | 5.30 |
| SICORE Base system | <V1.3.0 | 1.3.0 |
| OPUPI0 AMQP/MQTT | <V5.30 | 5.30 |
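To check an asset inventory against the version thresholds listed for the four affected components, here is an added example (not Siemens code and not part of the advisory). The inventory records, asset names and field names are constructed, and the script assumes version components compare numerically, so V16.5 is treated as older than V16.41.

```python
import re

# Fixed versions from the advisory's affected-products table.
FIXED = {
    "CPC80": (16, 41),
    "CPCI85": (5, 30),
    "OPUPI0": (5, 30),
    "SICORE": (1, 3, 0),
}

def parse_version(text):
    """Parse 'V16.41', 'v5.30' or '1.3.0' into a tuple of ints; None if unparseable."""
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+)*)\s*", text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def status(component, version_text):
    """Classify one component/version pair against the advisory thresholds."""
    fixed = FIXED.get(component.strip().upper())
    if fixed is None:
        return "not-in-advisory"
    found = parse_version(version_text)
    if found is None:
        return "unknown-version"  # needs a manual check on the device
    # Pad with zeros so that '1.3' and '1.3.0' compare equal.
    width = max(len(found), len(fixed))
    found += (0,) * (width - len(found))
    fixed += (0,) * (width - len(fixed))
    return "affected" if found < fixed else "fixed"

def triage(inventory):
    """Return (asset, component, version, status) for every entry not confirmed fixed."""
    rows = []
    for item in inventory:
        s = status(item["component"], item["version"])
        if s in ("affected", "unknown-version"):
            rows.append((item["asset"], item["component"], item["version"], s))
    return rows

# Constructed sample inventory (asset names and versions are made up).
SAMPLE_INVENTORY = [
    {"asset": "sub-a-cp8021", "component": "CPC80", "version": "V16.40"},
    {"asset": "sub-b-cp8050", "component": "CPCI85", "version": "V5.30"},
    {"asset": "sub-b-cp8050", "component": "OPUPI0", "version": "V5.20"},
    {"asset": "cc-sicam8", "component": "SICORE", "version": "1.3"},
    {"asset": "sub-c-cp8031", "component": "CPCI85", "version": "unknown"},
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(*row, sep="\t")
```

Entries reported as unknown-version are kept in the output on purpose, so a device whose firmware string could not be read is not silently counted as patched.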
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to SICAM devices using firewall rules; do not expose to the internet
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
SICORE Base system
HOTFIX: Update SICORE Base system to V1.3.0 or later (available in SICAM 8 Software Solution Package V5.30)
All products
HOTFIX: Update CPC80 firmware to V16.41 or later (available in CP-8000/CP-8021/CP-8022 Package V16.41)
HOTFIX: Update CPCI85 firmware to V5.30 or later (available in CP-8031/CP-8050 Package V5.30)
HOTFIX: Update OPUPI0 firmware to V5.30 or later (available in CP-8031/CP-8050 Package V5.30)
Long-term hardening
HARDENING: Isolate SICAM control system networks from business networks using network segmentation and firewalls
HARDENING: If remote access is required, implement secure access methods such as VPN with current security patches