Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Siemens Patches Critical Sicam Grid Flaws

June 26, 2024
Reading Time: 2 mins read
in Alerts
Siemens Patches Critical Sicam Grid Flaws

Siemens recently announced updates for its Sicam A8000 remote terminal unit, Sicam EGS grid sensors, and Sicam 8 power automation software, addressing three significant vulnerabilities. Among these, CVE-2024-31484 is a high-severity buffer overread issue that could lead to sensitive data leaks, arbitrary code execution, or denial-of-service (DoS) conditions. CVE-2024-31485 is another high-severity flaw involving command injection in the products’ web interface, which could allow attackers to intercept user credentials and execute arbitrary code with elevated privileges.

The third vulnerability, CVE-2024-31486, pertains to inadequate protection of MQTT client passwords, potentially exposing credentials to attackers with physical or remote access. Siemens’ advisory, published in June, confirmed that CVE-2024-31484 also affects SICAM AK3/TM/BC devices and has been patched accordingly. SEC Consult, a cybersecurity firm, detailed these vulnerabilities and highlighted that CVE-2024-31484 was initially reported to Siemens over a year ago.

Steffen Robertz from SEC Consult explained that attackers would first need network-level access on ports 443/80 to exploit these vulnerabilities. By exploiting CVE-2024-31484, attackers could extract information from the global memory segment, which could facilitate further attacks. If attackers gain access to a low-privileged account on SICAM-WEB, they could use CVE-2024-31485 to obtain administrator passwords, potentially destabilizing the power grid.

SEC Consult’s advisory recommended that all passwords be changed post-patching due to compromised confidentiality. The firm previously identified critical vulnerabilities in Siemens Sicam products that could disrupt power grid operations. The updates from Siemens aim to mitigate these risks and enhance the security of power grid solutions used in substation automation.

Reference:

  • Siemens Fixes Critical Vulnerabilities in Sicam Grid Systems
Tags: Cyber AlertsCyber Alerts 2024Cyber threatsJune 2024MQTTSicamSiemensVulnerabilities
ADVERTISEMENT

Related Posts

PyPI Malware Steals AWS, CI/CD, macOS Data

PyPI Malware Steals AWS, CI/CD, macOS Data

June 16, 2025
PyPI Malware Steals AWS, CI/CD, macOS Data

Image Hiding in DNS TXT Records

June 16, 2025
PyPI Malware Steals AWS, CI/CD, macOS Data

IBM Backup Service Flaw Allows Elevated Access

June 16, 2025
VexTrio TDS Uses Adtech To Spread Malware

Simple Typo Breaks AI Safety Via TokenBreak

June 13, 2025
VexTrio TDS Uses Adtech To Spread Malware

VexTrio TDS Uses Adtech To Spread Malware

June 13, 2025
VexTrio TDS Uses Adtech To Spread Malware

Old Discord Links Now Lead To Malware

June 13, 2025

Latest Alerts

PyPI Malware Steals AWS, CI/CD, macOS Data

IBM Backup Service Flaw Allows Elevated Access

Image Hiding in DNS TXT Records

Old Discord Links Now Lead To Malware

VexTrio TDS Uses Adtech To Spread Malware

Simple Typo Breaks AI Safety Via TokenBreak

Subscribe to our newsletter

    Latest Incidents

    Canada WestJet Airline Contains Cyberattack

    Hackers Leak 10K VirtualMacOSX Customer Data

    Washington Post Investigates Cyberattack on Emails

    Cyberattack On Brussels Parliament Continues

    Swedish Broadcaster SVT Hit By DDoS

    Major Google Cloud Outage Disrupts Web

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial