Command Injection Vulnerability in the CPCI85 Firmware of SICAM A8000 Devices
Monitor | 6.6 | SSA-583634 | Jan 9, 2024
Attack Vector: Network
Auth Required: High
Complexity: High
User Interaction: None needed
Summary
The CPCI85 firmware of SICAM A8000 CP-8031 and CP-8050 master modules contains a command injection vulnerability that allows an authenticated remote attacker to inject commands executed with root privileges during device startup. Siemens has released CPCI85 firmware version 05.20 or later to address this issue.
What this means
What could happen
An authenticated attacker with remote access could inject operating system commands that execute with root privileges during device startup, potentially allowing complete control of the SICAM A8000 communications processor and disruption of grid or substation operations.
Who's at risk
Electric utility operators managing SICAM A8000 substation communications processors (CP-8031 and CP-8050 models) used in grid control and protection systems. These devices typically manage real-time control and monitoring communications in substations and control centers.
How it could be exploited
An attacker with valid credentials and network access to the CP-8031 or CP-8050 master module could craft a malicious input during device initialization that injects shell commands into the startup sequence. These commands would execute with root privileges, giving the attacker full system control.
Prerequisites
- Valid authentication credentials for the device
- Network access to the SICAM A8000 CP-8031 or CP-8050 master module
- Device must be restarted or powered on to trigger command execution during startup sequence
Remotely exploitable | Requires valid credentials | Root privilege execution | No active exploitation reported | Low EPSS score
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
CP-8031 MASTER MODULE (6MF2803-1AA00) | All versions < CPCI85 V05.20 | CPCI85 V05.20
CP-8050 MASTER MODULE (6MF2805-0AA00) | All versions < CPCI85 V05.20 | CPCI85 V05.20
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to the CP-8031 and CP-8050 master modules to only authorized personnel and management stations using firewall rules and network segmentation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update CPCI85 firmware to version 05.20 or later on all CP-8031 and CP-8050 master modules
Long-term hardening
HARDENING: Implement network segmentation to isolate SICAM A8000 devices on a dedicated network with strict ingress/egress filtering
CVEs (1)