Siemens recently announced updates for its Sicam A8000 remote terminal unit, Sicam EGS grid sensors, and Sicam 8 power automation software, addressing three significant vulnerabilities. Among these, CVE-2024-31484 is a high-severity buffer overread issue that could lead to sensitive data leaks, arbitrary code execution, or denial-of-service (DoS) conditions. CVE-2024-31485 is another high-severity flaw involving command injection in the products’ web interface, which could allow attackers to intercept user credentials and execute arbitrary code with elevated privileges.
The third vulnerability, CVE-2024-31486, pertains to inadequate protection of MQTT client passwords, potentially exposing credentials to attackers with physical or remote access. Siemens’ advisory, published in June, confirmed that CVE-2024-31484 also affects SICAM AK3/TM/BC devices and has been patched accordingly. SEC Consult, a cybersecurity firm, detailed these vulnerabilities and highlighted that CVE-2024-31484 was initially reported to Siemens over a year ago.
Steffen Robertz from SEC Consult explained that attackers would first need network-level access on ports 443/80 to exploit these vulnerabilities. By exploiting CVE-2024-31484, attackers could extract information from the global memory segment, which could facilitate further attacks. If attackers gain access to a low-privileged account on SICAM-WEB, they could use CVE-2024-31485 to obtain administrator passwords, potentially destabilizing the power grid.
SEC Consult’s advisory recommended that all passwords be changed post-patching due to compromised confidentiality. The firm previously identified critical vulnerabilities in Siemens Sicam products that could disrupt power grid operations. The updates from Siemens aim to mitigate these risks and enhance the security of power grid solutions used in substation automation.
Reference:
