Siemens SICAM: Attackers can reset the admin password

SCADA systems from Siemens' SICAM series are used in critical infrastructures. Security updates close a critical gap.

Substation in Bremen

(Image: heise online / anw)

This article was originally published in German and has been automatically translated.

Some SICAM products from Siemens can be attacked via two software vulnerabilities. Under certain conditions, attackers can gain administrative access.

Supervisory Control and Data Acquisition (SCADA) systems are used by employees in critical infrastructures to monitor industrial machinery, for example. The SICAM series from Siemens monitors systems at energy suppliers. A successful attack can have far-reaching consequences.

In a warning message, the manufacturer states that the SICAM products SICAM A8000 Device firmware CPCI85 for CP-8031/CP-8050, SICAM EGS Device firmware CPCI85 and SICAM 8 Software Solution SICORE are vulnerable. The firmware versions CPCI85 V5.40 and SICORE V1.4.0 are said to be secured. All previous versions are said to be vulnerable.

One vulnerability (CVE-2024-37998) is considered "critical". If an attack succeeds, attackers are said to be able to reset account passwords and thereby gain admin access. However, this is only possible if the auto-login function is active. If admins cannot install the security patch right away, they can temporarily deactivate this feature to protect their systems.

To exploit the second vulnerability (CVE-2024-39601, "medium"), an attacker must either be authenticated or have unannounced physical access to a vulnerable SCADA system. According to the manufacturer, if this is the case, they can downgrade the firmware, for example to install an older, vulnerable version. So far, there have been no reports of attacks already in progress.

Siemens also points out that administrators should adequately protect their SICAM instances from external access via firewalls and VPN connections, for example, in order to minimize the attack surface. Access should only be possible for authorized persons.

(des)