Path Traversal Vulnerability in the Web Server of CPCI85 Firmware of SICAM A8000 Devices
Plan Patch | 7.5 | SSA-770890 | Oct 10, 2023
Attack Vector: Network
Auth Required: Low
Complexity: High
User Interaction: None needed
Summary
The web server in CPCI85 firmware of SICAM A8000 CP-8031 and CP-8050 modules contains a path traversal vulnerability. An authenticated attacker could traverse directories on the system, download arbitrary files, and potentially escalate privileges to administrator role.
What this means
What could happen
An authenticated attacker could download sensitive configuration files from the device and potentially gain administrator access, allowing them to modify device settings or disrupt substation communication functions.
Who's at risk
Operators of SIEMENS SICAM A8000 substations using CP-8031 or CP-8050 master modules should be concerned. These devices serve as communication processors in electric utility SCADA systems, managing data flow between control centers and field equipment. Loss of confidentiality or compromise of these devices could impact grid monitoring and control.
How it could be exploited
An attacker with valid user credentials on the SICAM A8000 device accesses the web interface and uses path traversal sequences (e.g., ../ or similar) in HTTP requests to navigate outside the intended web root directory. This allows retrieval of arbitrary files on the system, including configuration files that may contain credentials or system information, potentially leading to privilege escalation to administrator.
Prerequisites
- Valid user account on the SICAM A8000 device
- Network access to the web interface (typically port 80/443)
- Affected firmware version CPCI85 < V05.11
- Remotely exploitable
- Authentication required (reduces but does not eliminate risk)
- Actively exploited in the wild (E:P in advisory)
- Affects control system communication device
- No patch available for some firmware versions
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (2)
2 with fix
| Product | Affected Versions | Fix Status |
|---|---|---|
| CP-8031 MASTER MODULE (6MF2803-1AA00) | All versions < CPCI85 V05.11 | CPCI85 V05.11 or later |
| CP-8050 MASTER MODULE (6MF2805-0AA00) | All versions < CPCI85 V05.11 | CPCI85 V05.11 or later |
Remediation & Mitigation
Do now
- WORKAROUND: Restrict web interface access to trusted engineering networks or VLANs using firewall rules or host-based access controls; implement IP whitelisting where possible
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update CPCI85 firmware to version V05.11 or later on all affected CP-8031 and CP-8050 modules
Long-term hardening
- HARDENING: Implement network segmentation to isolate SICAM A8000 devices from untrusted networks and limit lateral movement
- HARDENING: Monitor device access logs for suspicious activity including failed authentication attempts and requests containing directory traversal patterns
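The log monitoring recommended above can be automated. The following Python script is an added example, not part of the advisory or any Siemens code; it assumes the access log (from the device or a proxy in front of it) is in Common Log Format, and all sample lines, addresses and file names are constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Assumption: Common Log Format. The SICAM A8000 log layout is not given
# on this page; adapt LINE_RE to the fields your device or proxy emits.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

SAMPLE = [  # constructed log lines, not captured from a real device
    '192.0.2.10 - operator [10/Oct/2023:08:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.10 - operator [10/Oct/2023:08:00:05 +0000] "GET /docs/v1..2/notes.txt HTTP/1.1" 200 90',
    '198.51.100.7 - viewer [10/Oct/2023:08:01:00 +0000] "GET /files/../../placeholder.cfg HTTP/1.1" 200 2048',
    '198.51.100.7 - viewer [10/Oct/2023:08:01:02 +0000] "GET /files/%252e%252e%252fplaceholder.cfg HTTP/1.1" 404 0',
    '198.51.100.7 - viewer [10/Oct/2023:08:01:03 +0000] "GET /get?name=..%5c..%5cplaceholder.cfg HTTP/1.1" 400 0',
] + ['203.0.113.5 - - [10/Oct/2023:08:02:00 +0000] "POST /login HTTP/1.1" 401 0'] * 3

def has_traversal(target, max_rounds=3):
    """True if the request target holds a '..' path segment, checked raw and
    after each round of URL-decoding (single and double encoding)."""
    current = target
    for _ in range(max_rounds + 1):
        # Fold backslashes to slashes, then look for an exact '..' segment.
        if ".." in re.split(r"[/?&=;]", current.replace("\\", "/")):
            return True
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return False

def scan(lines, fail_threshold=3):
    """Return (traversal_hits, ips_with_repeated_auth_failures)."""
    hits, failures = [], Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        if has_traversal(m["target"]):
            hits.append((m["ip"], m["user"], m["target"], int(m["status"])))
        if m["status"] in ("401", "403"):  # assumed failure status codes
            failures[m["ip"]] += 1
    return hits, {ip: n for ip, n in failures.items() if n >= fail_threshold}

if __name__ == "__main__":
    hits, noisy = scan(SAMPLE)
    print(*hits, sep="\n")
    print("repeated auth failures:", noisy)
```

A traversal hit that returned status 200 deserves the highest priority, since it indicates the file was actually served.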
CVEs (1)