Siemens warns of vulnerabilities in SICAM enabling attackers to reset the admin password
Take action: If you are using Siemens SICAM, make sure the devices are isolated, accessible only from trusted networks, and physically protected from access by unauthorized persons. Then plan for deactivation of the auto-login function and for a regular patch process.
Siemens has issued a warning regarding two software vulnerabilities in their SICAM product series, potentially allowing attackers to gain administrative access under certain conditions.
SICAM, developed by Siemens, is a comprehensive portfolio for energy automation and smart grid solutions. It is primarily used for substation automation, enabling the monitoring and control of industrial systems, particularly within energy supply infrastructures.
- CVE-2024-37998 (CVSS score 9.8) enables attackers to reset account passwords to gain administrative access, provided the auto-login function is active. It affects firmware CPCI85 V5.40 and SICORE V1.4.0 and all prior versions on the following SICAM products:
  - SICAM A8000 Device firmware CPCI85 for CP-8031/CP-8050
  - SICAM EGS Device firmware CPCI85
  - SICAM 8 Software Solution SICORE
Siemens advises temporarily deactivating the auto-login function if administrators cannot immediately apply the security patch.
- CVE-2024-39601 (CVSS score 6.5) requires either authenticated access or unannounced physical access to the SCADA system. An attacker can exploit this flaw to downgrade the firmware to an older, vulnerable version. Although there have been no reports of this vulnerability being actively exploited, it remains a significant concern.
Siemens recommends that administrators install the latest security patches immediately, deactivate the auto-login function if the patch cannot be applied right away, secure SICAM instances from external access using firewalls and VPN connections, and ensure that only authorized personnel have access to these systems.
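
As an added example (not Siemens code and not part of the original advisory), this Python script triages an asset inventory against the versions named above: it flags devices at or below the listed firmware together with their auto-login state, and flags any device whose firmware is older than in the previous snapshot, which is the visible effect of the downgrade described for CVE-2024-39601. The inventory format, device names and sample versions are constructed assumptions.

```python
import re

# Last affected releases as stated in the article; confirm the exact boundary
# against the Siemens advisory before relying on it.
LAST_AFFECTED = {"CPCI85": "V5.40", "SICORE": "V1.4.0"}

def parse_version(text):
    """'V5.40' -> (5, 40, 0, 0); zero-padded so V1.4 compares equal to V1.4.0."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+){0,3})", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (4 - len(parts))

def is_affected(firmware, version):
    return parse_version(version) <= parse_version(LAST_AFFECTED[firmware])

def triage(current, previous=None):
    """Return {device: [findings]}; devices with no findings are omitted."""
    findings = {}
    for name, dev in current.items():
        notes = []
        if is_affected(dev["firmware"], dev["version"]):
            # Auto-login is the precondition the article gives for CVE-2024-37998.
            notes.append("CVE-2024-37998: auto-login ON" if dev["auto_login"]
                         else "CVE-2024-37998: affected version, auto-login off")
        old = (previous or {}).get(name)
        if old and old["firmware"] == dev["firmware"]:
            if parse_version(dev["version"]) < parse_version(old["version"]):
                notes.append("firmware older than last snapshot (cf. CVE-2024-39601)")
        if notes:
            findings[name] = notes
    return findings

# Constructed inventory snapshots (device names and versions are illustrative).
PREVIOUS = {
    "sub-a-cp8050": {"firmware": "CPCI85", "version": "V5.50", "auto_login": False},
    "sub-b-sicore": {"firmware": "SICORE", "version": "V1.5.0", "auto_login": False},
}
CURRENT = {
    "sub-a-cp8050": {"firmware": "CPCI85", "version": "V5.30", "auto_login": True},
    "sub-b-sicore": {"firmware": "SICORE", "version": "V1.5.0", "auto_login": False},
    "sub-c-egs": {"firmware": "CPCI85", "version": "V5.40", "auto_login": False},
}

if __name__ == "__main__":
    for device, notes in triage(CURRENT, PREVIOUS).items():
        print(device, "->", "; ".join(notes))
```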