Multiple Vulnerabilities in the Web Server of SICAM P850 and SICAM P855 Devices Before V3.11

Monitor5.5SSA-201498Nov 11, 2025

Attack VectorNetwork

Auth RequiredLow

ComplexityHigh

User InteractionRequired

Summary

The web server in SICAM P850 and SICAM P855 devices before V3.11 contains a Cross Site Request Forgery (CSRF) vulnerability and lacks cookie protection flags (Secure, HttpOnly, SameSite). This allows an attacker to perform unauthorized actions on the device on behalf of a logged-in user, including changing device settings, credentials, or network configuration. The vulnerability requires the victim to be actively logged into the web interface and to interact with attacker-controlled content.

What this means

What could happen

An attacker could trick a logged-in administrator into unknowingly performing actions on the SICAM P850/P855 device, such as changing device settings, user credentials, or network configuration. The missing cookie protections could also allow session hijacking if an administrator browses untrusted websites while logged in.

Who's at risk

This affects operators of Siemens SICAM P850 and P855 power management and automation devices used in electrical utilities and substations. Typically managed by control system engineers or network administrators at power utilities and distribution companies.

How it could be exploited

An attacker sends a phishing email or malicious link to a SICAM device administrator. When the admin clicks the link while logged into the device, the attacker's website performs unauthorized actions (like disabling logging, changing passwords, or modifying power system settings) without the admin's knowledge. Missing cookie protections make it easier for the attacker to steal or manipulate the admin session.

Prerequisites

Administrator must be logged into the SICAM P850 or P855 web interface
Administrator must visit an attacker-controlled website or click a malicious link while logged in
Web browser must allow cross-site requests to the SICAM device (common in most browsers)

remotely exploitablerequires valid user sessionno patch available yet for early discoveryaffects configuration management capabilities

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

SICAM P850< 3.113.11

SICAM P855< 3.113.11

Remediation & Mitigation

0/3

Do now

0/1

HARDENINGEducate device administrators to avoid clicking untrusted links while logged into the SICAM device web interface

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

SICAM P850

HOTFIXUpdate SICAM P850 firmware to version 3.11 or later

SICAM P855

HOTFIXUpdate SICAM P855 firmware to version 3.11 or later

CVEs (2)

CVE-2023-30901 CVE-2023-31238

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/9e2e1f3d-4a1b-4151-a22c-315670ad2a42