
Siemens Sicam Vulnerabilities Could Facilitate Attacks on Energy Sector

Several vulnerabilities patched recently in Siemens Sicam products could be exploited in attacks aimed at the energy sector.

Several vulnerabilities patched recently by Siemens in some of its Sicam products could be exploited in attacks aimed at the energy sector.

Siemens informed customers in May that updates released for its Sicam A8000 remote terminal unit, Sicam EGS grid sensors, and Sicam 8 power automation software address two high-severity and one medium-severity flaws.

One of the security holes, CVE-2024-31484, is a buffer overread issue that can be exploited to read sensitive data from memory, which can lead to arbitrary code execution in the context of the current process or to a denial-of-service (DoS) condition.
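The article does not describe where in the Sicam web server the over-read sits, so the following is an added, generic illustration of the vulnerability class rather than Sicam code or SEC Consult's finding: a request handler that trusts a length field in the request and copies that many bytes back, reading past the request buffer into whatever the allocator placed next to it (here a constructed credential string). The record format, buffer sizes, function names and the secret are all assumptions made for the example; the hardened variant shows the check that prevents the leak.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration of a buffer over-read (CWE-126). Not Sicam code:
 * the record layout, sizes and the "secret" below are constructed. */

#define REQ_CAP   16   /* bytes reserved for one incoming request */
#define MEM_SIZE  64   /* simulated heap region that also holds other data */

/* Simulated memory: the request buffer is bytes[0..REQ_CAP), and whatever
 * the allocator placed right after it (here a stored credential) follows. */
typedef struct {
    uint8_t bytes[MEM_SIZE];
    size_t  received;       /* how many request bytes actually arrived */
} region_t;

/* Lay a request out next to a secret. Constructed request format:
 * byte 0 = declared payload length, bytes 1.. = payload. */
void region_init(region_t *r, const uint8_t *req, size_t req_len, const char *secret)
{
    memset(r->bytes, 0, sizeof r->bytes);
    if (req_len > REQ_CAP) req_len = REQ_CAP;
    memcpy(r->bytes, req, req_len);
    r->received = req_len;
    strncpy((char *)r->bytes + REQ_CAP, secret, MEM_SIZE - REQ_CAP - 1);
}

/* Vulnerable handler: echoes `declared` payload bytes without checking that
 * that many bytes were received, so it copies adjacent memory into `out`. */
size_t echo_vulnerable(const region_t *r, uint8_t *out, size_t out_cap)
{
    size_t declared = r->bytes[0];
    if (declared > out_cap) declared = out_cap;   /* protects `out`, not the source */
    memcpy(out, r->bytes + 1, declared);          /* over-read when declared > received - 1 */
    return declared;
}

/* Hardened handler: the declared length is bounded by what was received and
 * by the buffer capacity; an inconsistent request is rejected, not truncated. */
size_t echo_hardened(const region_t *r, uint8_t *out, size_t out_cap)
{
    if (r->received < 1) return 0;
    size_t declared  = r->bytes[0];
    size_t available = r->received - 1;
    if (available > REQ_CAP - 1) available = REQ_CAP - 1;
    if (declared > available || declared > out_cap) return 0;
    memcpy(out, r->bytes + 1, declared);
    return declared;
}

/* Sends a request that claims 60 payload bytes but carries 2, and reports
 * whether the handler's output contains the neighbouring secret. */
int leaks_secret(size_t (*handler)(const region_t *, uint8_t *, size_t), const char *secret)
{
    const uint8_t req[] = { 60, 'A', 'B' };
    region_t r;
    uint8_t out[MEM_SIZE];
    memset(out, 0, sizeof out);
    region_init(&r, req, sizeof req, secret);
    size_t n = handler(&r, out, sizeof out);
    size_t len = strlen(secret);
    /* The secret sits at bytes[REQ_CAP]; the copy starts at bytes[1]. */
    if (n < REQ_CAP - 1 + len) return 0;
    return memcmp(out + REQ_CAP - 1, secret, len) == 0;
}

/* A consistent request (declares 2 bytes, sends 2) must still be served. */
int hardened_serves_valid_request(void)
{
    const uint8_t req[] = { 2, 'h', 'i' };
    region_t r;
    uint8_t out[8];
    region_init(&r, req, sizeof req, "unused");
    return echo_hardened(&r, out, sizeof out) == 2 && out[0] == 'h' && out[1] == 'i';
}

int main(void)
{
    const char *secret = "mqtt-admin:S3cret!";   /* constructed stand-in */
    printf("vulnerable leaks: %d\n", leaks_secret(echo_vulnerable, secret));
    printf("hardened leaks:   %d\n", leaks_secret(echo_hardened, secret));
    return 0;
}
```

The point to take from the hardened variant is that clamping the copy to the destination size (which the vulnerable handler already does) says nothing about the source: the bound that matters is how many bytes of the request actually arrived, and a request whose declared length exceeds that should be rejected outright.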

The second vulnerability, CVE-2024-31485, is a command injection issue in the products’ web interface. It allows an attacker who already holds a low-privileged account to obtain the username and password of users with elevated privileges, and ultimately to execute arbitrary code as root.

The third issue, CVE-2024-31486, is related to MQTT client passwords being improperly protected, allowing an attacker who has physical or remote shell access to obtain the credentials.

In an advisory published in June, the industrial giant informed customers that CVE-2024-31484 also impacts — and has been patched in — SICAM AK3/TM/BC devices.

The impacted products are power grid solutions designed for substation automation. 

Eviden-owned cybersecurity consultancy SEC Consult, whose researchers have been credited for finding these vulnerabilities, on Wednesday published an advisory detailing each of the vulnerabilities.

SEC Consult’s advisory reveals that CVE-2024-31484 was actually first reported to Siemens more than one year ago.

SEC Consult researcher Steffen Robertz has explained how an attacker could exploit these vulnerabilities in a real-world attack. 

“An attacker needs to first gain network level access on port 443/80 in order to interact with the target,” Robertz told SecurityWeek. “By abusing CVE-2024-31484, the attacker can leak information from the global memory segment which can aid further attacks.”

The researcher added, “Further, if the attacker managed to obtain a low-privileged account for SICAM-WEB, it is possible to use CVE-2024-31485 to leak the password of an administrator. By switching to the admin account the attacker is able to reconfigure the PLC and thus destabilize the substation. All passwords will have to be changed after patching this vulnerability as their confidentiality cannot be guaranteed anymore.”

SEC Consult researchers previously discovered critical Siemens Sicam product vulnerabilities that could allow malicious hackers to destabilize a power grid.


Related: Vulnerabilities Patched in Kiuwan Code Security Products After Long Disclosure Process

Related: ICS Patch Tuesday: Advisories Published by Siemens, Schneider Electric, Aveva, CISA

Related: Siemens Industrial Product Impacted by Exploited Palo Alto Firewall Vulnerability

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
