OTPulse

Buffer Overflow Vulnerability in SICAM AK3 / BC / TM

Plan Patch
Score: 7.8
Siemens advisory: SSA-620338
Published: Jun 11, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

SICAM AK3, BC, and TM substation automation devices contain a buffer overflow vulnerability (CWE-170) in the firmware of CPCX26, PCCX26, ETA4, and ETA5 modules. An attacker with local or network access could send specially crafted input to overflow a buffer and execute arbitrary code in the device context or trigger a denial of service. The vulnerability affects firmware versions before CPCX26 V06.02, PCCX26 V06.05, ETA4 V10.46, and ETA5 V03.27.

What this means
What could happen
A buffer overflow in SICAM AK3/BC/TM firmware could allow an attacker to run arbitrary code on affected devices, potentially compromising control logic or disabling grid monitoring and communication. Alternatively, the attacker could crash the device and cause a denial of service, interrupting data flow to the control center.
Who's at risk
This affects utilities and industrial operators running Siemens SICAM AK3, BC, or TM substation automation devices used for power distribution control and monitoring. Specifically: CPCX26 central processing modules in CP-2016 systems, PCCX26 processing/communication elements in CP-2019 systems, and ETA4/ETA5 Ethernet gateway modules in SM-2558 systems that handle IEC 60870-5-104 or IEC 61850 protocol communication to the control center.
How it could be exploited
An attacker with local access to the device (via USB, serial port, or physical access during maintenance) could supply malicious input that overflows a buffer in the firmware. If the device is networked and the overflow can be triggered remotely via the Ethernet interface (ETA4/ETA5), the attacker could exploit this from the network without needing to touch the hardware.
Prerequisites
  • Local or network access to the device
  • Ability to send specially crafted input to the vulnerable code path
  • Knowledge of device input format or protocol handling
  • Buffer overflow vulnerability
  • Low EPSS score but locally exploitable
  • Affects critical substation equipment
  • Ethernet interfaces increase attack surface if accessible
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (4)
4 with fix
Product                                          | Affected Versions | Fix Status
CPCX26 Central Processing/Communication          | < V06.02          | 06.02
ETA4 Ethernet Interface IEC60870-5-104           | < V10.46          | 10.46
ETA5 Ethernet Int. 1x100TX IEC61850 Ed.2         | < V03.27          | 03.27
PCCX26 Ax 1703 PE, Contr, Communication Element  | < V06.05          | 06.05
Remediation & Mitigation
Do now
HARDENING: Restrict network access to SICAM devices using firewall rules to limit exposure to untrusted networks
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update CPCX26 firmware to version 06.02 or later
HOTFIX: Update PCCX26 firmware to version 06.05 or later
HOTFIX: Update ETA4 firmware to version 10.46 or later
HOTFIX: Update ETA5 firmware to version 03.27 or later
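As an added example (not code from OTPulse or Siemens), the following Python script checks a module inventory against the fixed firmware versions listed above, so an operator can see which CPCX26/PCCX26/ETA4/ETA5 modules still need the hotfix; the module labels and the sample inventory are assumptions constructed for illustration.

```python
# Added example (not from the advisory): triage a SICAM module inventory
# against the fixed firmware versions stated in SSA-620338.

# Fixed (first non-affected) firmware version per module, from the advisory table.
FIXED_VERSION = {
    "CPCX26": (6, 2),    # V06.02
    "PCCX26": (6, 5),    # V06.05
    "ETA4": (10, 46),    # V10.46
    "ETA5": (3, 27),     # V03.27
}


def parse_version(text: str) -> tuple[int, int]:
    """Parse a SICAM firmware string such as 'V06.02' or '10.46' into (major, minor).

    Numeric tuples are used so that V10.46 sorts after V06.02; a plain string
    comparison would get that wrong.
    """
    s = text.strip().upper().lstrip("V")
    major, minor = s.split(".", 1)
    return int(major), int(minor)


def is_affected(module: str, version: str) -> bool:
    """True when the module's installed firmware is older than the fixed version."""
    fixed = FIXED_VERSION.get(module.strip().upper())
    if fixed is None:
        raise ValueError(f"module {module!r} is not covered by this advisory")
    return parse_version(version) < fixed


def triage(inventory):
    """Return (module, installed, required) for every affected inventory entry."""
    findings = []
    for module, version in inventory:
        if is_affected(module, version):
            major, minor = FIXED_VERSION[module.strip().upper()]
            findings.append((module, version, f"V{major:02d}.{minor:02d}"))
    return findings


# Constructed sample inventory (hypothetical substation asset list, not real data).
SAMPLE_INVENTORY = [
    ("CPCX26", "V06.01"),   # one minor release short of the fix
    ("CPCX26", "V06.02"),   # exactly the fixed version
    ("ETA4", "V10.45"),
    ("ETA5", "V03.27"),
    ("PCCX26", "V05.99"),   # older major release, must not compare as "newer"
]

if __name__ == "__main__":
    for module, installed, required in triage(SAMPLE_INVENTORY):
        print(f"{module}: {installed} is affected, update to {required} or later")
```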