Multiple Vulnerabilities in SICAM Products
Plan Patch | 7.8 | SSA-871704 | May 14, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Multiple vulnerabilities in Siemens SICAM products (CPC80, CPCI85, SICORE, OPUPI0 firmware components) can lead to privilege escalation, remote code execution, or information disclosure. The vulnerabilities affect SICAM A8000 devices (CP-8000/CP-8021/CP-8022/CP-8031/CP-8050), SICAM EGS systems, and SICAM 8 Software Solution deployments. Exploitation requires local or adjacent network access and may require user interaction. Siemens has released patched firmware versions for all affected components.
What this means
What could happen
An attacker with local access to a SICAM device could escalate privileges, run arbitrary code, or extract sensitive information like credentials or configuration data. This could allow modification of power system settings, disruption of communications, or unauthorized access to other networked devices.
Who's at risk
Electric utilities and power system operators using Siemens SICAM products should assess exposure. This affects SICAM A8000 devices (CPC80, CPCI85, and OPUPI0 firmware used in CP-8000/CP-8021/CP-8022/CP-8031/CP-8050 platforms), SICAM EGS systems (CPCI85 and OPUPI0 firmware), and SICAM 8 Software Solution deployments (SICORE). Organizations running these systems for substation automation, network protection, or grid control functions are in scope.
How it could be exploited
An attacker with physical or local network access to a SICAM device (CPC80, CPCI85, SICORE, or OPUPI0 firmware) can exploit these vulnerabilities to gain elevated privileges or execute arbitrary code, potentially gaining full control of the device and the systems it manages.
Prerequisites
- Local or adjacent network access to the affected SICAM device
- User interaction may be required (such as opening a file or following a link)
- Physical access or local access to the device
- Low to moderate complexity exploitation
- Requires local or adjacent network access (not fully remote)
- Privilege escalation and code execution possible
- Affects power system communications and control devices
- Low EPSS score (0.6%) but not zero
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (4)
4 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| CPC80 Central Processing/Communication | <V16.41 | 16.41 |
| CPCI85 Central Processing/Communication | <V5.30 | 5.30 |
| SICORE Base system | <V1.3.0 | 1.3.0 |
| OPUPI0 AMQP/MQTT | <V5.30 | 5.30 |
Remediation & Mitigation
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update CPC80 firmware to version 16.41 or later (included in CP-8000/CP-8021/CP-8022 Package V16.41)
- HOTFIX: Update CPCI85 firmware to version 5.30 or later (included in CP-8031/CP-8050 Package V5.30)
- HOTFIX: Update OPUPI0 firmware to version 5.30 or later (included in CP-8031/CP-8050 Package V5.30)
- HOTFIX: Update SICORE firmware to version 1.3.0 or later (included in SICAM 8 Software Solution Package V5.30)
Long-term hardening
- HARDENING: Restrict local and network access to SICAM devices to authorized personnel only; implement physical security controls and network segmentation