Denial of Service Vulnerability in CPC80 Firmware of SICAM A8000 Devices
Plan Patch7.5SSA-491621Jul 12, 2022
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary
A vulnerability in the CPC80 firmware of SICAM A8000 master modules allows an unauthenticated remote attacker to cause a permanent denial of service condition through a resource leak (CWE-772). Affected devices include CP-8000 MASTER MODULE WITH I/O (-25/+70°C and -40/+70°C variants), CP-8021 MASTER MODULE, and CP-8022 MASTER MODULE WITH GPRS running firmware versions before CPC80 V16.30. Siemens recommends updating to CPC80 V16.30 or later.
What this means
What could happen
An unauthenticated attacker on your network could crash the SICAM A8000 master module, causing loss of communication and monitoring for all connected power distribution or automation devices until the unit is manually rebooted.
Who's at risk
Power distribution utilities and industrial automation facilities using SICAM A8000 master modules (CP-8000 series with -25/+70°C or -40/+70°C temperature ranges, CP-8021, CP-8022 with GPRS) for SCADA monitoring and control. Any organization relying on these modules for real-time communication with field devices and substations.
How it could be exploited
An attacker sends a specially crafted network packet to the SICAM A8000 master module over the network. The device processes the packet with a resource leak (CWE-772) that depletes available memory or connections, causing the module to stop responding. The device remains unresponsive until manually restarted, disrupting all devices that rely on it for control and monitoring.
Prerequisites
- Network access to the SICAM A8000 master module (typically port 502 for Modbus/TCP or administrative interfaces)
- No authentication or credentials required
- Device running affected CPC80 firmware version prior to V16.30
remotely exploitableno authentication requiredlow complexityaffects SCADA/power distribution systems
Exploitability
Low exploit probability (EPSS 0.9%)
Affected products (4)
4 with fix
ProductAffected VersionsFix Status
CP-8000 MASTER MODULE WITH I/O -25/+70°C< CPC80 V16.30CPC80 V16.30
CP-8000 MASTER MODULE WITH I/O -40/+70°C< CPC80 V16.30CPC80 V16.30
CP-8021 MASTER MODULE< CPC80 V16.30CPC80 V16.30
CP-8022 MASTER MODULE WITH GPRS< CPC80 V16.30CPC80 V16.30
Remediation & Mitigation
0/1
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXUpdate CPC80 firmware to version V16.30 or later
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/d70f4fb6-714d-4c60-baa1-c42b554635d3