OTPulse

Improper Access Control Vulnerability in SICAM TOOLBOX II

Priority: Act Now
CVSS: 9.9
Advisory: SSA-669737
Published: Feb 8, 2022
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

SICAM TOOLBOX II contains an improper access control vulnerability (CWE-798) that could allow an attacker with valid credentials to circumvent access controls and gain unauthorized access to power system configuration and monitoring functions. The vulnerability affects all versions of SICAM TOOLBOX II. Siemens recommends implementing resilient protection measures including network segmentation, firewall protection, and multi-level redundant secondary protection schemes per regulatory guidelines. No vendor patch is currently available.

What this means
What could happen
An attacker with valid credentials could bypass access controls in SICAM TOOLBOX II to gain unauthorized access to power system configuration and monitoring functions, potentially altering grid protection settings or disrupting critical power system operations.
Who's at risk
Transmission system operators (TSOs), distribution system operators (DSOs), and utilities managing power generation, transmission, or distribution systems that use SICAM TOOLBOX II for secondary protection scheme configuration and grid management.
How it could be exploited
An attacker with legitimate engineering credentials could access SICAM TOOLBOX II and circumvent the access control mechanism to perform unauthorized actions on secondary protection schemes, control settings, or monitoring data for power generation, transmission, or distribution systems.
Prerequisites
  • Valid credentials for SICAM TOOLBOX II (engineering workstation account)
  • Network access to SICAM TOOLBOX II application or management interface
  • Access to an engineering workstation where SICAM TOOLBOX II is installed or accessible
  • No authentication required to exploit the bypass
  • Low attack complexity
  • Affects safety and reliability systems (power grid protection schemes)
  • No patch currently available
  • High CVSS severity (9.9)
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
SICAM TOOLBOX II | All versions | No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Implement network segmentation and firewall rules to restrict access to SICAM TOOLBOX II management interfaces to authorized engineering workstations only
  • HARDENING: Enforce multi-factor authentication and strong password policies for all SICAM TOOLBOX II user accounts
  • HARDENING: Configure VPN access for remote engineering activities and disable direct internet-facing access to SICAM TOOLBOX II
  • HARDENING: Enable detailed logging and monitoring of all access attempts and configuration changes in SICAM TOOLBOX II to detect unauthorized activity
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Implement redundant secondary protection schemes across your power grid as per regulatory requirements to maintain resilience even if SICAM TOOLBOX II is compromised
  • HOTFIX: Apply security updates to SICAM TOOLBOX II as they become available from Siemens