Certificate Validation Vulnerabilities in SICAM TOOLBOX II Before V07.11

Plan Patch8.1SSA-183963Jul 8, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityHigh

User InteractionNone needed

Summary

SICAM TOOLBOX II versions before V07.11 fail to properly validate the TLS certificate of managed SICAM devices during HTTPS connections. An attacker positioned on the network path can exploit this by presenting a fraudulent certificate, enabling man-in-the-middle attacks to intercept or modify device communications. Siemens has released version 07.11 which corrects this certificate validation issue.

What this means

What could happen

An attacker on the network path between a technician's workstation and a SICAM device could intercept and modify communications, potentially allowing them to inject false commands, alter device configuration, or view sensitive engineering data without detection.

Who's at risk

Utilities and system integrators using SICAM TOOLBOX II (versions before 07.11) to manage SICAM power system automation devices. This affects engineering staff who use the toolbox to configure, monitor, or troubleshoot SICAM devices remotely or on-site.

How it could be exploited

An attacker positioned on the network between the SICAM TOOLBOX II management workstation and a managed device (same LAN, compromised router, or ISP position) can present a fraudulent certificate during the TLS connection. The vulnerable tool will accept this certificate and establish encrypted communication with the attacker instead of the legitimate device, enabling man-in-the-middle attacks.

Prerequisites

Attacker must be on the network path between SICAM TOOLBOX II workstation and the managed device (same network segment, router level, or upstream provider)
Network access to intercept traffic on port 443 or the TLS port used by the managed device
Ability to present a fraudulent certificate (requires compromised network infrastructure or ARP spoofing capability)

Remotely exploitableNo authentication required for the attackAffects management and engineering toolsMan-in-the-middle attack vector

Exploitability

Low exploit probability (EPSS 0.0%)

Affected products (1)

ProductAffected VersionsFix Status

SICAM TOOLBOX II< V07.1107.11

Remediation & Mitigation

0/1

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SICAM TOOLBOX II to version 07.11 or later

CVEs (2)

CVE-2024-31853 CVE-2024-31854

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/992313a8-7f02-426d-bac1-953129173507