OTPulse

Multiple Vulnerabilities in CPCI85 Firmware of SICAM A8000 Devices

Priority: Act Now
Score: 7.2
Advisory: SSA-731916
Date: Jun 13, 2023
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

CPCI85 firmware in SICAM A8000 CP-8031 and CP-8050 communication processors contains multiple vulnerabilities: authenticated remote command injection (CWE-77), hard-coded credentials for UART login (CWE-798), and exposed UART debug interface (CWE-749). These allow an authenticated attacker or someone with physical/local access to the UART port to execute arbitrary commands with processor privileges, potentially altering network configurations or system logs.

What this means
What could happen
An attacker with engineering credentials could execute arbitrary commands on the communication processor, potentially modifying network configurations, audit logs, or SCADA communications. Exposed UART debug interfaces with hard-coded credentials could allow physical or local network access to bypass authentication entirely.
Who's at risk
Utilities operating SIEMENS SICAM A8000 platforms with CP-8031 or CP-8050 master modules used for power system monitoring and data acquisition. Also affects any organization using these communication processors for network bridging or SCADA system integration in critical infrastructure.
How it could be exploited
An attacker with valid engineering workstation credentials can authenticate to the device and inject shell commands through the CPCI85 firmware interface. Alternatively, an attacker with physical access or reachability to the UART serial port could use hard-coded credentials to bypass authentication and gain command execution.
Prerequisites
  • Valid engineering workstation credentials (for remote authentication)
  • Network access to the CP-8031 or CP-8050 device management port
  • UART physical access or local network path to serial debug interface (for hard-coded credential exploitation)
Tags:
  • remotely exploitable
  • high EPSS score (11.7%)
  • default/hard-coded credentials
  • affects critical communication infrastructure
  • authenticated access pathway
  • serial interface exposure
Exploitability
High exploit probability (EPSS 11.7%)
Affected products (2)
2 with fix
Product                               | Affected Versions | Fix Status
CP-8031 MASTER MODULE (6MF2803-1AA00) | < CPCI85 V05      | CPCI85 V05 or later
CP-8050 MASTER MODULE (6MF2805-0AA00) | < CPCI85 V05      | CPCI85 V05 or later
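A defender's first question from this table is which devices in the fleet are still below the fixed firmware. The following inventory check is an added example, not part of the OTPulse page or any Siemens tooling: it parses CPCI85 version strings, matches the two order numbers named above, and reports each device as affected, fixed, out of scope, or unparseable. The inventory records, the minor-version format (e.g. "V04.70") and the placeholder order number 6MF9999-0XX00 are constructed assumptions for the example.

```python
import re
from dataclasses import dataclass

# From the advisory table: CPCI85 V05 or later closes the issue.
FIXED_VERSION = (5, 0)

# Order numbers the advisory lists as affected (from the table above).
AFFECTED_PRODUCTS = {
    "6MF2803-1AA00": "CP-8031 MASTER MODULE",
    "6MF2805-0AA00": "CP-8050 MASTER MODULE",
}

# Assumed version format: "CPCI85 V05" or "CPCI85 V04.70" (major, optional minor).
_VERSION_RE = re.compile(r"CPCI85\s+V(\d+)(?:\.(\d+))?", re.IGNORECASE)


def parse_cpci85_version(text):
    """Return (major, minor) for a CPCI85 version string, or None if it cannot be parsed."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2) or 0))


@dataclass
class Finding:
    device: str
    product_code: str
    firmware: str
    status: str  # "affected" | "fixed" | "not_in_scope" | "unknown_version"


def assess(inventory):
    """Classify every inventory record against the advisory's affected-product table."""
    findings = []
    for dev in inventory:
        code = dev["product_code"]
        if code not in AFFECTED_PRODUCTS:
            status = "not_in_scope"
        else:
            version = parse_cpci85_version(dev["firmware"])
            if version is None:
                # An unreadable version must be surfaced, not silently treated as fixed.
                status = "unknown_version"
            elif version < FIXED_VERSION:
                status = "affected"
            else:
                status = "fixed"
        findings.append(Finding(dev["name"], code, dev["firmware"], status))
    return findings


# Constructed sample inventory; names, codes and versions are illustrative only.
SAMPLE_INVENTORY = [
    {"name": "sub-a-cp8050", "product_code": "6MF2805-0AA00", "firmware": "CPCI85 V04.70"},
    {"name": "sub-b-cp8031", "product_code": "6MF2803-1AA00", "firmware": "CPCI85 V05"},
    {"name": "sub-c-cp8050", "product_code": "6MF2805-0AA00", "firmware": "CPCI85 V05.20"},
    {"name": "sub-d-other",  "product_code": "6MF9999-0XX00", "firmware": "CPCI85 V03.10"},
    {"name": "sub-e-cp8031", "product_code": "6MF2803-1AA00", "firmware": "unknown"},
]

if __name__ == "__main__":
    for f in assess(SAMPLE_INVENTORY):
        print(f"{f.device:14} {f.product_code:14} {f.firmware:14} {f.status}")
```

Devices reported as "unknown_version" need a manual check; treating an unparseable string as patched would hide exactly the units most likely to have been missed.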
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to CP-8031/CP-8050 management interfaces via firewall rules (limit to engineering networks only)
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update CPCI85 firmware to V05 or later on all CP-8031 and CP-8050 devices
Long-term hardening
HARDENING: Physically secure or disable UART debug interfaces if not required for normal operation
HARDENING: Implement network segmentation to isolate SICAM A8000 devices from untrusted networks
API: /api/v1/advisories/9d009167-aa5f-4b0a-bd40-d0176d1a3f7b