OTPulse

Multiple Vulnerabilities in the Webinterface of SICAM P850 and SICAM P855 Devices

Act Now | CVSS 9.8 | SSA-165073 | May 10, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Multiple vulnerabilities in the web interface of SICAM P850 and SICAM P855 devices include unauthenticated access to web functionality, missing HTTPS encryption, impersonation flaws, and cross-site scripting. These allow attackers to access sensitive configuration or operational data, intercept unencrypted communications, and inject malicious scripts into the web interface.

What this means
What could happen
An attacker could access the device's web interface without authentication to view or modify substation automation settings, read unencrypted communications containing credentials or operational data, or manipulate the web interface to trick operators into executing unauthorized commands.
Who's at risk
Substation automation engineers and operators managing Siemens SICAM P850 and P855 power monitoring and protection devices. Organizations operating electric substations, power distribution networks, and critical infrastructure facilities that rely on these devices for process control and monitoring should prioritize patching.
How it could be exploited
An attacker with network access to the SICAM P850 or P855 device's web interface port could directly access protected functionality without credentials. By exploiting missing HTTPS, the attacker could intercept unencrypted traffic containing sensitive data. Cross-site scripting vulnerabilities could be used to inject malicious code that runs in an operator's browser session.
Prerequisites
  • Network access to the SICAM device web interface port
  • No valid credentials required for initial access to some functions
  • Device must have the vulnerable web interface enabled (default)
  • Remotely exploitable
  • No authentication required for some functions
  • Low complexity attack
  • High CVSS score (9.8)
  • Affects critical substation infrastructure
Exploitability
Moderate exploit probability (EPSS 2.9%)
Affected products (2)
2 with fix
Product       Affected Versions   Fix Status
SICAM P850    < V3.00             3.00
SICAM P855    < V3.00             3.00
Remediation & Mitigation
Do now
  • WORKAROUND: Restrict network access to the SICAM device web interface port (typically 80/443) using firewall rules to only authorized engineering workstations or management networks
  • WORKAROUND: Use a VPN or secure jump host for remote access to SICAM device web interfaces
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

SICAM P850
  • HOTFIX: Update SICAM P850 to firmware version 3.00 or later
SICAM P855
  • HOTFIX: Update SICAM P855 to firmware version 3.00 or later
Long-term hardening
  • HARDENING: Segment substation automation networks from corporate and untrusted networks
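
One way to check the remediation items above against an asset inventory and a firewall rule export. This is an added example, not part of the advisory or of any Siemens tooling. The device names, IP addresses, firmware strings, ACL rule format and the authorized engineering subnet are all constructed assumptions.

```python
import ipaddress

FIXED = (3, 0)          # advisory: versions below V3.00 are affected
WEB_PORTS = (80, 443)   # advisory: web interface port, typically 80/443
AUTHORIZED = [ipaddress.ip_network("10.20.30.0/28")]  # assumed engineering subnet
# Constructed inventory and ordered first-match ACL (action, src, dst, port; None = any).
DEVICES = [
    {"name": "sub1-p850", "ip": "10.50.1.10", "fw": "V2.60"},
    {"name": "sub2-p855", "ip": "10.50.2.10", "fw": "V3.00"},
]
ACL = [
    ("permit", "10.20.30.0/28", "10.50.1.0/24", 443),
    ("deny",   "10.99.0.0/16",  "10.50.2.0/24", None),
    ("permit", "10.0.0.0/8",    "10.50.2.0/24", 80),
    ("deny",   "0.0.0.0/0",     "0.0.0.0/0",    None),
]

def is_vulnerable(fw):
    """True when a 'V<major>.<minor>' firmware string is below V3.00."""
    major, minor = fw.upper().lstrip("V").split(".")[:2]
    return (int(major), int(minor)) < FIXED

def _matches(rule, src, dev_ip, port):
    """True when rule covers every address in src going to dev_ip:port."""
    _, r_src, r_dst, r_port = rule
    return (src.subnet_of(ipaddress.ip_network(r_src))
            and dev_ip in ipaddress.ip_network(r_dst)
            and r_port in (None, port))

def exposures(acl, ip):
    """Permit rules letting sources outside AUTHORIZED reach ip's web ports.
    Conservative: only an earlier deny covering the whole source shadows a permit."""
    dev_ip, found = ipaddress.ip_address(ip), []
    for i, rule in enumerate(acl):
        src = ipaddress.ip_network(rule[1])
        for port in WEB_PORTS:
            if rule[0] != "permit" or not _matches(rule, src, dev_ip, port):
                continue
            shadowed = any(r[0] == "deny" and _matches(r, src, dev_ip, port) for r in acl[:i])
            if not shadowed and not any(src.subnet_of(n) for n in AUTHORIZED):
                found.append((i, rule[1], port))
    return found

def audit(devices, acl):
    return {d["name"]: {"needs_update": is_vulnerable(d["fw"]),
                        "exposed_via": exposures(acl, d["ip"])} for d in devices}

if __name__ == "__main__":
    for name, result in audit(DEVICES, ACL).items():
        print(name, result)
```

Each entry in `exposed_via` is the index of the offending ACL rule, its source network and the web port it opens, so the rule can be tightened to the authorized subnet.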