Improper Access Control Vulnerability in SICAM GridEdge Before V2.7.3

An attacker with local access to the GridEdge host system could inject an SSH key and gain persistent remote access to the device, potentially allowing them to reconfigure grid edge functions or disrupt communications with the control center.

Energy sector utilities operating SICAM GridEdge devices (Classic version) before 2.7.3 in grid edge or distribution automation roles. This affects any organization using GridEdge for substation or distribution-level SCADA communications and control functions.

An attacker must first gain local command-line access to the GridEdge host system (via physical access, compromised local account, or other local privilege). Once local, they can exploit improper file permissions on SSH configuration directories to inject an unauthorized SSH public key. This allows them to connect remotely via SSH without requiring the legitimate system credentials.