Certificate Validation Vulnerabilities in SICAM TOOLBOX II Before V07.11
Plan Patch | CVSS 8.1 | SSA-183963 | Jul 8, 2025
Siemens
Attack path
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary
SICAM TOOLBOX II before version 07.11 fails to properly validate TLS certificates when connecting to managed devices over HTTPS. An attacker on the network path between the engineering workstation and the target device can present a forged certificate and have it accepted, allowing interception and potential modification of management traffic, including credentials and device configuration commands.
What this means
What could happen
An attacker positioned on the network path between your workstation and a SICAM-managed device could intercept and decrypt HTTPS traffic, potentially capturing credentials or commands sent to the device, or injecting malicious commands into the communication stream.
Who's at risk
Engineering and operations staff at utilities and industrial facilities who use SICAM TOOLBOX II to manage Siemens SICAM power management and automation devices. This affects anyone who administers or configures SICAM-controlled substations, distribution networks, or power plant equipment via HTTPS management interfaces.
How it could be exploited
An attacker with network access between the engineering workstation running SICAM TOOLBOX II and the managed Siemens device can perform a man-in-the-middle attack by presenting a forged TLS certificate. Because SICAM TOOLBOX II does not properly validate device certificates, it will accept the forged certificate and establish an encrypted tunnel with the attacker instead of the legitimate device, allowing interception and modification of all traffic.
Prerequisites
- Network position on the communication path between SICAM TOOLBOX II workstation and managed device (e.g., same network segment, compromised router, or DNS/ARP spoofing capability)
- SICAM TOOLBOX II version prior to V07.11
remotely exploitable, certificate validation bypass, man-in-the-middle attack vector, affects SCADA/power systems management software
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product: SICAM TOOLBOX II
Affected Versions: < V07.11
Fix Status: 07.11
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update SICAM TOOLBOX II to version 07.11 or later
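A defensive check for the forged-certificate scenario described above, as an added example (not Siemens code and not part of the advisory): it compares the certificate each managed device presents to the workstation with a SHA-256 fingerprint recorded out of band. The host names, the inventory layout and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def presented_cert_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the certificate the endpoint presents, without trusting it.

    Verification is off only so the certificate can be retrieved and compared;
    no management data is sent over this connection.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def audit(inventory: dict, fetch=presented_cert_der) -> dict:
    """Compare each device's presented certificate with its recorded fingerprint."""
    results = {}
    for host, expected in inventory.items():
        try:
            seen = fingerprint(fetch(host))
        except OSError as exc:  # ssl.SSLError and socket timeouts are OSError subclasses
            results[host] = f"unreachable: {exc.__class__.__name__}"
            continue
        ok = hmac.compare_digest(seen, expected.lower().replace(":", ""))
        results[host] = "match" if ok else f"MISMATCH: presented {seen}"
    return results

if __name__ == "__main__":
    # Constructed sample: byte strings stand in for DER certificates.
    genuine, forged = b"constructed-device-cert", b"constructed-forged-cert"
    inventory = {"rtu-a.example": fingerprint(genuine),
                 "rtu-b.example": fingerprint(genuine)}
    on_wire = {"rtu-a.example": genuine, "rtu-b.example": forged}
    for host, status in audit(inventory, fetch=on_wire.__getitem__).items():
        print(host, status)
```

A mismatch means the certificate seen from the workstation's network position is not the one recorded for that device, which warrants investigation of the path before any management session is opened.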
CVEs (2)