Warning: critical Remote Code Execution vulnerability in firmware of Siemens' SICAM A8000 devices

Reference:
Advisory #2023-42

Version:
1.0

Affected software:
CP-8031 MASTER MODULE (6MF2803-1AA00), all versions prior to CPCI85 V05
CP-8050 MASTER MODULE (6MF2805-0AA00), all versions prior to CPCI85 V05

Type:
Remote Code Execution (RCE, via Command Injection)

CVE/CVSS:
CVE-2023-28489

Sources

https://cert-portal.siemens.com/productcert/html/ssa-472454.html

https://support.industry.siemens.com/cs/document/109804985/sicam-a8000-cp-8031-cp-8050-package-?dti=0&lc=en-BE

Risks

By successfully exploiting this vulnerability, an unauthenticated attacker can perform arbitrary code execution remotely.

Description

CVE-2023-28489 is a command injection vulnerability affecting the CPCI85 firmware in multiple products within Siemens's SICAM A8000 product series.

The SICAM A8000 RTUs (Remote Terminal Units) series is a modular device range for telecontrol and automation applications in all areas of energy supply.

Affected devices are vulnerable to command injection via the web server port 443/tcp if the parameter "Remote Operation" is enabled. The parameter is disabled by default. The vulnerability could allow an unauthenticated attacker to perform arbitrary code execution remotely on the device.
 

Recommended Actions

The Centre for Cyber Security Belgium strongly recommends Windows system administrators to install updates for vulnerable systems with the highest priority, after thorough testing.

• Upgrade CP-8031 MASTER MODULE (6MF2803-1AA00) to version CPCI85 V05 or later version
• Upgrade CP-8050 MASTER MODULE (6MF2805-0AA00) to version CPCI85 V05 or later version

See Siemens' dedicated support page for more information on available versions: https://support.industry.siemens.com/cs/document/109804985/sicam-a8000-cp-8031-cp-8050-package-?dti=0&lc=en-BE

More Information

For more information, please read Siemens advisories: https://www.siemens.com/cert/advisories