June 26, 2024 at 06:05AM
Recently, Siemens patched high-severity vulnerabilities in Sicam products (the A8000, EGS grid sensors, and Sicam 8 power automation software), affecting energy sector security. The flaws allow sensitive data theft, command injection, and password exposure, potentially enabling arbitrary code execution and network destabilization. SEC Consult was credited with the discovery, and researcher Steffen Robertz provided an explanation of a potential real-world attack.
According to the meeting notes, Siemens has recently addressed vulnerabilities in some of its Sicam products, particularly those aimed at the energy sector. The updates released for the Sicam A8000 remote terminal unit, Sicam EGS grid sensors, and Sicam 8 power automation software were intended to fix security flaws, including two high-severity and one medium-severity vulnerability.
The identified vulnerabilities include a buffer overread issue (CVE-2024-31484) that can be exploited to read sensitive data from memory and potentially lead to arbitrary code execution or a denial-of-service condition. Another vulnerability (CVE-2024-31485) is related to a command injection issue in the web interface, which allows an attacker to intercept usernames and passwords of users with elevated privileges. The third issue (CVE-2024-31486) involves improper protection of MQTT client passwords, potentially enabling attackers with physical or remote shell access to obtain credentials.
These vulnerabilities were detailed in an advisory published by Eviden-owned cybersecurity consultancy SEC Consult, whose researchers were credited with finding them. The advisory revealed that one of the vulnerabilities (CVE-2024-31484) had been reported to Siemens more than a year earlier and could be exploited by an attacker with network-level access on ports 443/80 to interact with the target.
Additionally, the advisory explained how an attacker could chain these vulnerabilities in a real-world attack, including leaking information from the global memory segment and potentially destabilizing the substation by reconfiguring the PLC and obtaining administrator passwords.
Overall, these vulnerabilities could have serious implications for power grid solutions designed for substation automation, and customers are advised to update their systems and change passwords after patching to ensure confidentiality.