Siemens CPCI85 Central Processing/Communication

CVSS 4.6 | ICS-CERT ICSA-24-347-01 | Dec 10, 2024
Vendor: Siemens

Attack path
  • Attack Vector: Physical
  • Auth Required: None
  • Complexity: Low
  • User Interaction: None needed
Summary

The SICAM A8000 CP-8031 and CP-8050 devices (CPCI85 Central Processing/Communication) are affected by a firmware decryption vulnerability. An attacker with physical access to the device could decrypt the firmware. Siemens has released new firmware and hardware versions to address this issue. Both firmware and hardware updates are required to fully resolve the vulnerability.

What this means
What could happen
An attacker with physical access could decrypt and potentially reverse-engineer or modify the device firmware, gaining the ability to alter industrial control logic or compromise the device's trusted operation. This threatens the integrity and reliability of critical substation or power system operations.
Who's at risk
Operators of electrical substations, control centers, or remote terminal units using Siemens SICAM A8000 CP-8031 or CP-8050 central processing/communication units should prioritize this issue. The risk is greatest where these devices are accessible to unauthorized personnel or located in areas with inadequate physical security controls.
How it could be exploited
An attacker must have physical access to the CPCI85 device. Once they have direct access, they can decrypt the firmware without requiring authentication, potentially extracting sensitive control logic or injecting malicious firmware to alter device behavior or disable protection mechanisms.
Prerequisites
  • Physical access to the CPCI85 device
  • No authentication or credentials required
Tags
  • Affects industrial control systems
  • Requires physical access (not remotely exploitable)
  • No authentication needed once physical access is gained
  • Firmware decryption enables potential unauthorized modifications
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (1)
Product: CPCI85 Central Processing/Communication
Affected Versions: < V05.30
Fix Status: fixed in V05.30
Remediation & Mitigation
Do now
HARDENING: Restrict physical access to CPCI85 devices with locked enclosures, access controls, or security seals
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update CPCI85 Central Processing/Communication to firmware version 05.30 or later
HOTFIX: Replace hardware with the updated version available from Siemens (a firmware update alone is insufficient)
Long-term hardening
HARDENING: Locate control system networks and CPCI85 devices behind firewalls and isolate them from business networks
API: /api/v1/advisories/d26abf10-6fc8-4f67-8a5e-4dc49353c9ee
