Siemens CPCI85 Central Processing/Communication
4.6 | ICS-CERT ICSA-24-347-01 | Dec 10, 2024
Attack Vector: Physical
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The CPCI85 Central Processing/Communication module contains a vulnerability that allows an attacker with physical access to decrypt the firmware. Encrypted firmware can be extracted and decrypted offline, potentially exposing hardcoded credentials and sensitive configuration data. The vulnerability affects CPCI85 versions prior to V05.30. Siemens has released a firmware update (V05.30) to address the issue.
What this means
What could happen
An attacker with physical access to a CPCI85 device could decrypt the firmware, potentially allowing extraction of sensitive configuration and credential information stored on the device. This could compromise operational security if extracted data is used to gain unauthorized access to control functions.
Who's at risk
Water utilities and electric utilities using Siemens SICAM A8000 protection and control systems, specifically those deployed with CPCI85 Central Processing/Communication modules in substations or control facilities. Any critical infrastructure relying on these devices for control, protection, or communication functions is affected.
How it could be exploited
An attacker must physically open or access the CPCI85 device and extract the firmware from its storage (likely via JTAG, SPI, or similar interface). The encrypted firmware can then be decrypted offline, potentially revealing hardcoded credentials or other sensitive configuration details that could be used in follow-on attacks.
Prerequisites
- Physical access to the CPCI85 device
- Ability to extract or dump firmware from the device storage interface
Tags: physical access required for exploitation · low complexity attack · no authentication required · firmware decryption enables credential extraction
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
CPCI85 Central Processing/Communication | <V05.30 | 05.30
Remediation & Mitigation
Schedule: requires maintenance window
Patching may require a device reboot; plan for process interruption.
- HOTFIX: Update CPCI85 Central Processing/Communication to firmware version 05.30 or later
- HARDENING: Implement device inventory and asset management to track all CPCI85 devices and ensure firmware versions are documented and current
Long-term hardening
- HARDENING: Implement physical access controls (locked enclosures, tamper seals, surveillance) to restrict unauthorized opening or access to device internals
- HARDENING: Isolate CPCI85 devices from direct internet access; place them behind firewalls and on a separate control network
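As an added example that is not part of the advisory, the following Python audit runs over a constructed CSV asset export and flags CPCI85 records whose firmware is below the V05.30 fixed release, separating records with undocumented versions for on-site verification. The column names and sample rows are assumptions, and both version spellings seen on this page ("V05.30" and "05.30") are accepted.

```python
"""Firmware-version audit for CPCI85 asset records (added example, not from the advisory).

Assumes an asset inventory exported as CSV with columns: asset_id, site, product, firmware.
Flags every CPCI85 record whose firmware is older than V05.30, the fixed version in the advisory.
"""
import csv
import io
import re

FIXED_VERSION = (5, 30)          # V05.30 from the advisory
AFFECTED_PRODUCT = "CPCI85"

# Constructed sample export (assumed layout); both "V05.30" and "05.30" spellings occur on the page.
SAMPLE_INVENTORY = """asset_id,site,product,firmware
SUB-01-A,Substation North,CPCI85 Central Processing/Communication,V05.20
SUB-01-B,Substation North,CPCI85 Central Processing/Communication,05.30
SUB-02-A,Substation East,CPCI85 Central Processing/Communication,V05.31
SUB-02-B,Substation East,CPCI85 Central Processing/Communication,V04.90
SUB-03-A,Substation West,Other module,V01.00
SUB-03-B,Substation West,CPCI85 Central Processing/Communication,unknown
"""

def parse_version(text):
    """Return (major, minor) for strings like 'V05.30' or '05.30'; None if unparseable.
    Both parts are compared numerically, so '05.3' is read as minor 3, not 30."""
    m = re.fullmatch(r"[Vv]?(\d+)\.(\d+)", text.strip())
    return (int(m.group(1)), int(m.group(2))) if m else None

def is_affected(firmware):
    """True when the firmware is older than V05.30 (the advisory's fixed release)."""
    v = parse_version(firmware)
    return v is not None and v < FIXED_VERSION

def audit_inventory(csv_text):
    """Return {'update': [...], 'unknown': [...], 'ok': [...]} of asset_ids for CPCI85 rows."""
    result = {"update": [], "unknown": [], "ok": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if AFFECTED_PRODUCT not in row["product"]:
            continue  # other modules are out of scope for this advisory
        if parse_version(row["firmware"]) is None:
            result["unknown"].append(row["asset_id"])  # undocumented version: verify on site
        elif is_affected(row["firmware"]):
            result["update"].append(row["asset_id"])
        else:
            result["ok"].append(row["asset_id"])
    return result

if __name__ == "__main__":
    for status, ids in audit_inventory(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(ids) or '-'}")
```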
CVEs (1)