SSA-185638 V1.0: Authentication Bypass Vulnerability in SICAM A8000 Web Server Module
Risk Summary
A vulnerability was identified in the web server module used in the SICAM A8000 CP-8000, CP-8021 and CP-8022 devices’ protocol firmwares:

- AGPMT0 (AGP Master)
- DNPiT1 (DNP3 TCP/IP Server)
- DNPiT2 (DNP3 TCP/IP Client)
- DNPMT0 (DNP3 Master seriell)
- DNPST0 (DNP3 Slave seriell)
- ET83 (61850 Ed.1)
- ET85 (61850 Ed.2)
- MBCiT0 (MODBUS TCP/IP Client)
- MBSiT0 (MODBUS TCP/IP Server)
- MODMT2 (MODBUS Master seriell)
- OPUPT0 (OPCUA Pub/Sub)
- OPUPT1 (Mindconnect)

The vulnerability could allow unauthenticated access to the web interface of the affected web server module. The module is used for diagnostic purposes as well as commissioning and has to be activated manually within the protocol firmwares. For this reason the protocol firmwares are *secure by default*. Siemens updated the manual to make the situation transparent and raise awareness for opera
Remediations
- Refer to Siemens ProductCERT advisory for patch and remediation guidance.
Affected Vendors
Affected Products (1)