Siemens SICAM Products

Plan PatchCVSS 9.8ICS-CERT ICSA-24-207-01Jul 22, 2024

Siemens

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Multiple Siemens SICAM products contain unauthorized password reset and firmware downgrade vulnerabilities in the CPCI85 Central Processing/Communication module and SICORE Base system. These flaws allow unauthenticated attackers with network access to reset administrator passwords or downgrade device firmware without valid credentials, leading to privilege escalation and information disclosure. Affected products include SICAM A8000 device firmware, SICAM EGS device firmware, and SICAM 8 Software Solution.

What this means

What could happen

An attacker could reset administrator passwords or downgrade firmware on SICAM A8000, SICAM EGS, or SICAM 8 systems without authentication, gaining full control over power grid or substation automation equipment and potentially disrupting critical energy distribution operations.

Who's at risk

Electric utilities, transmission operators, and energy companies operating Siemens SICAM A8000, SICAM EGS, or SICAM 8 systems for substation automation and power distribution control. This affects both the central processing units (CPCI85) and base software systems (SICORE) that manage grid equipment and switching operations.

How it could be exploited

An attacker with network access to the CPCI85 or SICORE interface can send specially crafted requests to trigger an unauthorized password reset or initiate a firmware downgrade without providing valid credentials. This allows the attacker to overwrite admin credentials or roll back to a version with known weaknesses, then log in with those credentials to modify device behavior or extract sensitive data.

Prerequisites

Network access to CPCI85 Central Processing/Communication or SICORE Base system interface
No authentication credentials required
Device must be reachable from attacker's network segment

Remotely exploitable over networkNo authentication requiredLow complexity to exploitCritical CVSS score (9.8)Affects industrial control system with no public exploit available yetPassword reset could lead to privilege escalationFirmware downgrade could enable other known vulnerabilities

Exploitability

Unlikely to be exploited — EPSS score 0.4%

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

CPCI85 Central Processing/Communication<V5.405.40

SICORE Base system<V1.4.01.4.0

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDDisable the auto-login feature on CPCI85 and SICORE systems (CVE-2024-37998)

HARDENINGRestrict network access to CPCI85 and SICORE interfaces using firewall rules; do not expose these management interfaces to untrusted networks or the internet

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

CPCI85 Central Processing/Communication

HOTFIXUpdate CPCI85 Central Processing/Communication to firmware version 5.40 or later

SICORE Base system

HOTFIXUpdate SICORE Base system to version 1.4.0 or later

Long-term hardening

0/1

HARDENINGIsolate SICAM device management networks from business networks using air-gapped or highly restricted connections

CVEs (2)

CVE-2024-37998 CVE-2024-39601

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/a0b05b31-19e6-40e5-9da7-60076d125c56

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.