
WARNING: CRITICAL REMOTE CODE EXECUTION VULNERABILITY IN FIRMWARE OF SIEMENS' SICAM A8000 DEVICES

Reference:
Advisory #2023-42
Version: 
1.0
Affected software:
CP-8031 MASTER MODULE (6MF2803-1AA00), all versions prior to CPCI85 V05
CP-8050 MASTER MODULE (6MF2805-0AA00), all versions prior to CPCI85 V05
Type: 
Remote Code Execution (RCE, via Command Injection)
CVE/CVSS: 

CVE-2023-28489

Sources

https://cert-portal.siemens.com/productcert/html/ssa-472454.html

https://support.industry.siemens.com/cs/document/109804985/sicam-a8000-cp-8031-cp-8050-package-?dti=0&lc=en-BE

Risks

By successfully exploiting this vulnerability, an unauthenticated attacker can remotely execute arbitrary code on the affected device.

Description

CVE-2023-28489 is a command injection vulnerability affecting the CPCI85 firmware of multiple products in Siemens' SICAM A8000 product series.

The SICAM A8000 RTUs (Remote Terminal Units) series is a modular device range for telecontrol and automation applications in all areas of energy supply.

Affected devices are vulnerable to command injection via the web server on port 443/tcp if the parameter "Remote Operation" is enabled. The parameter is disabled by default. The vulnerability could allow an unauthenticated attacker to remotely execute arbitrary code on the device.

Recommended actions

The Centre for Cyber Security Belgium strongly recommends administrators of the affected SICAM A8000 devices to install the firmware updates with the highest priority, after thorough testing. Until the update is installed, verify that the "Remote Operation" parameter is disabled (the default setting) on every exposed device, since the vulnerable code path is only reachable when it is enabled.

  • Upgrade CP-8031 MASTER MODULE (6MF2803-1AA00) to version CPCI85 V05 or later version
  • Upgrade CP-8050 MASTER MODULE (6MF2805-0AA00) to version CPCI85 V05 or later version

See Siemens' dedicated support page for more information on available versions: https://support.industry.siemens.com/cs/document/109804985/sicam-a8000-cp-8031-cp-8050-package-?dti=0&lc=en-BE
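To prioritise the upgrades above across a fleet, the following Python script triages an asset inventory against the affected article numbers and the fixed version CPCI85 V05. It is an added example, not code from the CCB or Siemens; the CSV layout, the "Vmajor.minor" firmware string format and the sample rows are constructed assumptions for illustration. Devices that are both below V05 and have "Remote Operation" enabled are flagged first, because that is the only combination in which the vulnerable code path is reachable.

```python
import csv
import io
import re

# Article numbers of the affected modules (from the advisory) and the first fixed version.
AFFECTED_ARTICLES = {
    "6MF2803-1AA00": "CP-8031 MASTER MODULE",
    "6MF2805-0AA00": "CP-8050 MASTER MODULE",
}
FIXED_VERSION = (5, 0)  # CPCI85 V05 and later contain the fix

# Assumption: the inventory records firmware as "CPCI85 Vmajor[.minor]", e.g. "CPCI85 V04.80".
VERSION_RE = re.compile(r"CPCI85\s*V(\d+)(?:\.(\d+))?", re.IGNORECASE)

# Constructed sample inventory; host names and values are illustrative only.
SAMPLE_INVENTORY = """host,article,firmware,remote_operation
rtu-sub-01,6MF2803-1AA00,CPCI85 V04.80,enabled
rtu-sub-02,6MF2805-0AA00,CPCI85 V05.00,disabled
rtu-sub-03,6MF2805-0AA00,CPCI85 V04.90,disabled
rtu-sub-04,6MF2805-0AA00,unknown,enabled
plc-01,OTHER-DEVICE,V2.9,disabled
"""


def parse_cpci85_version(text):
    """Return (major, minor) parsed from a firmware string, or None if it is not a CPCI85 version."""
    m = VERSION_RE.search(text or "")
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2) or 0))


def is_vulnerable(article, version):
    """True if the article is an affected module and its firmware is older than CPCI85 V05."""
    if article not in AFFECTED_ARTICLES or version is None:
        return False
    return version < FIXED_VERSION


def classify(article, version, remote_operation_enabled):
    """Map one device to a triage status:
    EXPLOITABLE - vulnerable firmware and Remote Operation enabled (reachable on 443/tcp)
    PATCH       - vulnerable firmware, Remote Operation disabled (not reachable, still upgrade)
    VERIFY      - affected model but firmware version could not be parsed
    OK          - not an affected model, or already on CPCI85 V05 or later
    """
    if article in AFFECTED_ARTICLES and version is None:
        return "VERIFY"
    if not is_vulnerable(article, version):
        return "OK"
    return "EXPLOITABLE" if remote_operation_enabled else "PATCH"


def triage(csv_text):
    """Parse an inventory CSV and return one dict per device with its triage status."""
    rows = []
    for rec in csv.DictReader(io.StringIO(csv_text)):
        article = rec["article"].strip()
        version = parse_cpci85_version(rec["firmware"])
        remote_op = rec["remote_operation"].strip().lower() == "enabled"
        rows.append({
            "host": rec["host"].strip(),
            "article": article,
            "model": AFFECTED_ARTICLES.get(article, "-"),
            "version": version,
            "remote_operation": remote_op,
            "status": classify(article, version, remote_op),
        })
    # Most urgent first: EXPLOITABLE, then PATCH, then VERIFY, then OK.
    order = {"EXPLOITABLE": 0, "PATCH": 1, "VERIFY": 2, "OK": 3}
    rows.sort(key=lambda r: order[r["status"]])
    return rows


if __name__ == "__main__":
    for r in triage(SAMPLE_INVENTORY):
        ver = "unknown" if r["version"] is None else "V%02d.%02d" % r["version"]
        print(f"{r['status']:<11} {r['host']:<11} {r['model']:<22} {ver:<8} remote_operation={r['remote_operation']}")
```

Run it against an export of your real asset inventory in the same column layout; any "VERIFY" row means the firmware field needs to be confirmed on the device itself before it can be ruled out.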

More information

For more information, please read Siemens advisories: https://www.siemens.com/cert/advisories