OTPulse

Multiple Vulnerabilities in SICAM Products

Priority: Act Now
CVSS score: 9.8
Siemens advisory: SSA-071402
Published: Jul 22, 2024
Attack vector: Network
Authentication required: None
Attack complexity: Low
User interaction: None needed
Summary

Multiple vulnerabilities in Siemens SICAM products (the CPCI85 and SICORE components) allow an unauthenticated attacker to reset passwords and to downgrade firmware. Affected products are SICAM A8000, SICAM EGS and the SICAM 8 Software Solution. Exploitation could lead to privilege escalation and information disclosure. CPCI85 is the central processing/communication module of the CP-8031 and CP-8050 communication gateways; SICORE is the base system of the SICAM 8 infrastructure. Siemens has released patched firmware versions (CPCI85 V5.40, SICORE V1.4.0) addressing both issues.

What this means
What could happen
An unauthenticated attacker could reset administrator passwords on, or downgrade the firmware of, a reachable SICAM device and thereby take administrative control of a gateway that carries power-system communication and monitoring traffic. From that position, alarms, messages and operational parameters handled by the device could be manipulated, with consequences for power distribution.
Who's at risk
Utilities and power system operators running Siemens SICAM products for power-system communication and monitoring, specifically deployments of SICAM A8000, SICAM EGS or the SICAM 8 Software Solution that include the CPCI85 module (CP-8031/CP-8050 gateways) or the SICORE base system. This covers power distribution control centers and communication hubs.
How it could be exploited
An attacker with network access to the web management interface of a vulnerable CPCI85 or SICORE system could send crafted requests that reset a password or downgrade the firmware without presenting valid credentials. A reset password gives the attacker administrative access to reconfigure the device and to intercept or modify the communications it carries; a downgrade returns the device to an older firmware with whatever weaknesses that version had.
Prerequisites
  • Network access to the affected SICAM device (CPCI85 or SICORE) on port 80 or 443 (HTTP/HTTPS)
  • No valid credentials required
  • Device running vulnerable firmware versions (CPCI85 < V5.40 or SICORE < V1.4.0)
  • Remotely exploitable over the network
  • No authentication required
  • Low attack complexity
  • Critical CVSS score (9.8)
  • Affects power system infrastructure
  • Allows privilege escalation
  • Changing default credentials does not mitigate it, since no credentials are needed at all
Exploitability
Low exploit probability (EPSS 0.3%). EPSS estimates how likely exploitation activity is to be observed in the next 30 days; it does not lower the severity of an unauthenticated, network-reachable password reset. Treat any device whose management interface is reachable from untrusted networks as a priority regardless of the score.
Affected products (2), both with a fix available

Product                                   Affected versions   Fix status
CPCI85 Central Processing/Communication   < V5.40             Fixed in V5.40
SICORE Base system                        < V1.4.0            Fixed in V1.4.0
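A practical first step is to run the asset inventory against the thresholds in the table above and list which devices still need the update. The script below is an added example, not OTPulse or Siemens code: the fixed versions and fix packages are taken from this advisory, while the inventory CSV layout (hostname, component, firmware, mgmt_ip) and every host in it are constructed for illustration. It parses the "V5.40"-style version strings the advisory uses, zero-pads so that "V1.4" and "V1.4.0" compare as equal, and refuses to classify a blank or garbled version as fixed.

```python
"""Triage a SICAM asset inventory against the fixed versions in SSA-071402.

Added example; this is not OTPulse or Siemens code. The fixed versions and
fix packages come from the advisory text. The inventory CSV layout
(hostname, component, firmware, mgmt_ip) and every host in it are
constructed for illustration.
"""
import csv
import io
import re

# First fixed version per component, from the advisory's affected-products table.
FIXED_VERSIONS = {
    "CPCI85": (5, 40),
    "SICORE": (1, 4, 0),
}

# Packages that deliver the fix, from the advisory's remediation list.
FIX_PACKAGE = {
    "CPCI85": "CP-8031/CP-8050 Package V5.40",
    "SICORE": "SICAM 8 Software Solution Package V5.40",
}

# Constructed sample inventory (hypothetical hostnames, versions and addresses).
SAMPLE_INVENTORY = """\
hostname,component,firmware,mgmt_ip
gw-north-01,CPCI85,V5.30,10.20.1.11
gw-north-02,CPCI85,V5.40,10.20.1.12
gw-south-01,CPCI85,V05.41,10.20.2.11
sicore-hub-01,SICORE,V1.3.2,10.20.3.5
sicore-hub-02,SICORE,V1.4.0,10.20.3.6
rtu-legacy-07,LEGACY-RTU,V16.20,10.20.4.2
"""


def parse_version(text: str) -> tuple[int, ...]:
    """Turn 'V5.40', 'V05.41' or '1.3.2' into a tuple of integers.

    Each dotted segment is compared as a whole number, which matches how the
    advisory writes minor versions (V5.30 < V5.40). Anything that does not
    look like a version raises, so a blank or garbled inventory entry is
    surfaced instead of silently counted as fixed.
    """
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparsable firmware version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(component: str, firmware: str) -> bool:
    """True when the device runs a version below the first fixed release.

    Tuples are zero-padded to equal length so that 'V1.4' and 'V1.4.0'
    compare as equal rather than 'V1.4' sorting below 'V1.4.0'.
    """
    fixed = FIXED_VERSIONS[component]
    current = parse_version(firmware)
    width = max(len(fixed), len(current))

    def pad(v: tuple[int, ...]) -> tuple[int, ...]:
        return v + (0,) * (width - len(v))

    return pad(current) < pad(fixed)


def triage(inventory_csv: str) -> list[dict[str, str]]:
    """Annotate each inventory row with a 'status' and the 'action' to take."""
    rows = []
    for rec in csv.DictReader(io.StringIO(inventory_csv)):
        comp = rec["component"].strip().upper()
        if comp not in FIXED_VERSIONS:
            rows.append({**rec, "status": "not covered", "action": ""})
        elif is_affected(comp, rec["firmware"]):
            rows.append({**rec, "status": "affected",
                         "action": "install " + FIX_PACKAGE[comp]})
        else:
            rows.append({**rec, "status": "fixed", "action": ""})
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(f"{row['hostname']:<14} {row['component']:<11} {row['firmware']:<7} "
              f"{row['status']:<12} {row['action']}")
```

"Not covered" only means the component is not one of the two named in this advisory; it says nothing about other Siemens advisories that may apply to that device.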
Remediation & Mitigation

Do now
  • HOTFIX: Update CPCI85 firmware to V5.40 or later (delivered within CP-8031/CP-8050 Package V5.40)
  • HOTFIX: Update SICORE firmware to V1.4.0 or later (delivered within SICAM 8 Software Solution Package V5.40)
  • HARDENING: Restrict network access to SICAM devices (CPCI85, SICORE) to authorized engineering workstations and secure management networks only
  • HARDENING: Implement firewall rules to block unauthorized inbound connections to SICAM device management interfaces (HTTP/HTTPS on ports 80 and 443)

After updating, confirm that each device reports V5.40 / V1.4.0 or later. Because one of the flaws is an unauthenticated password reset, treat any device whose management interface was reachable from untrusted networks while it ran vulnerable firmware as potentially compromised: rotate its administrative credentials and review its configuration and firmware version history for changes you did not make.
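The two hardening items above amount to one rule: only engineering hosts may reach the devices' web management ports. The script below is an added example, not OTPulse or Siemens code; it checks a connection log for violations of that rule and renders the nftables allowlist that would enforce it on a firewall in front of the SICAM segment. Ports 80 and 443 come from the advisory's prerequisites; the engineering subnet, device addresses, log lines and the log format ("<timestamp> <src> <dst> <dport>") are constructed for illustration and are not a Siemens or firewall-vendor format.

```python
"""Flag inbound connections to SICAM web management interfaces that came
from outside the authorized engineering network, and render the matching
nftables allowlist.

Added example; this is not OTPulse or Siemens code. Ports 80/443 are the
management ports named in the advisory's prerequisites. The engineering
subnet, device addresses, log lines and the log format
("<timestamp> <src> <dst> <dport>") are constructed for illustration and
are not a Siemens or firewall-vendor format.
"""
import ipaddress
from dataclasses import dataclass

# HTTP/HTTPS management interface ports, per the advisory's prerequisites.
MGMT_PORTS = {80, 443}

# Hypothetical engineering-workstation subnet allowed to manage the devices.
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.100.0/24")]

# Hypothetical management addresses of CPCI85 gateways and a SICORE host.
SICAM_DEVICES = {
    "10.20.1.11": "gw-north-01 (CPCI85)",
    "10.20.1.12": "gw-north-02 (CPCI85)",
    "10.20.3.5": "sicore-hub-01 (SICORE)",
}

# Constructed sample of accepted-connection log lines.
SAMPLE_LOG = """\
2024-07-23T08:01:02Z 10.20.100.15 10.20.1.11 443
2024-07-23T08:03:44Z 192.168.50.9 10.20.1.11 80
2024-07-23T08:04:10Z 10.20.100.15 10.20.3.5 443
2024-07-23T08:09:51Z 172.16.8.2 10.20.3.5 443
2024-07-23T08:10:00Z 10.20.100.20 10.20.1.12 22
2024-07-23T08:11:37Z 10.20.100.15 10.20.9.9 443
"""


@dataclass(frozen=True)
class Finding:
    timestamp: str
    source: str
    device: str
    port: int


def is_authorized_source(src: str) -> bool:
    """True when src falls inside one of the allowed engineering subnets."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ALLOWED_SOURCES)


def find_unauthorized_mgmt_access(log: str) -> list[Finding]:
    """Return every connection to a SICAM device on port 80/443 whose source
    is not an authorized engineering host. Other ports and other
    destinations are ignored; they are outside this advisory's scope."""
    findings = []
    for line in log.splitlines():
        if not line.strip():
            continue
        timestamp, src, dst, dport = line.split()
        port = int(dport)
        if dst not in SICAM_DEVICES or port not in MGMT_PORTS:
            continue
        if not is_authorized_source(src):
            findings.append(Finding(timestamp, src, SICAM_DEVICES[dst], port))
    return findings


def nft_allowlist_ruleset() -> str:
    """Render an nftables ruleset for a firewall that forwards traffic into
    the SICAM segment: only the engineering subnet may reach the management
    ports; every other inbound connection to those ports is dropped."""
    devices = ", ".join(SICAM_DEVICES)
    sources = ", ".join(str(net) for net in ALLOWED_SOURCES)
    ports = ", ".join(str(p) for p in sorted(MGMT_PORTS))
    return (
        "table inet sicam_mgmt {\n"
        "  chain forward {\n"
        "    type filter hook forward priority 0; policy accept;\n"
        f"    ip daddr {{ {devices} }} tcp dport {{ {ports} }} "
        f"ip saddr {{ {sources} }} accept\n"
        f"    ip daddr {{ {devices} }} tcp dport {{ {ports} }} drop\n"
        "  }\n"
        "}\n"
    )


if __name__ == "__main__":
    for f in find_unauthorized_mgmt_access(SAMPLE_LOG):
        print(f"{f.timestamp} {f.source} -> {f.device} tcp/{f.port} UNAUTHORIZED")
    print(nft_allowlist_ruleset())
```

The drop rule is deliberately placed after the accept so that the allowlist is the only way through; a connection from an address outside 10.20.100.0/24 to a listed device on 80 or 443 is both flagged by the log check and blocked by the ruleset.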