Critical Siemens SICAM 8 Vulnerabilities Expose Energy Sector to Remote Attacks

Vulnerabilities Reporter
CISA warns of critical vulnerabilities in Siemens SICAM 8 products that could allow remote code execution, affecting energy sector infrastructure.

Siemens Energy has issued urgent security advisories for multiple vulnerabilities affecting its SICAM 8 product line, critical components used in energy management and automation systems worldwide. The vulnerabilities, tracked under CVE-2024-26335, CVE-2024-26336, and CVE-2024-26337, have been assigned CVSS scores ranging from 7.5 to 9.8, indicating high to critical severity levels.

The most severe vulnerability, CVE-2024-26337, affects the SICAM SCC (Substation Communication Controller) and allows remote code execution without authentication. Attackers could exploit this flaw to gain complete control over affected systems, potentially disrupting power distribution networks and compromising grid stability. Siemens has confirmed that versions 8.0.0 through 8.0.3 are vulnerable.

CVE-2024-26335 impacts the SICAM PAS (Power Automation System) and involves improper input validation that could lead to buffer overflow conditions. With a CVSS score of 8.8, this vulnerability enables attackers to execute arbitrary code on the target system. The affected versions include 8.0.0 through 8.0.3.

CVE-2024-26336 affects the SICAM SCC's web interface, allowing authenticated users to escalate privileges to administrative levels. While requiring authentication, this vulnerability still poses significant risk as it could enable attackers who have already compromised network credentials to gain full system control. The CVSS score of 7.5 reflects the requirement for existing authentication.

Siemens has released security updates addressing all three vulnerabilities. Customers are strongly advised to upgrade to version 8.0.4 or later immediately. The company has also provided temporary mitigation measures for organizations unable to perform immediate updates, including network segmentation and access control restrictions.

These vulnerabilities are particularly concerning for the energy sector, where SICAM products are widely deployed in substations and control centers. The potential for remote exploitation without authentication makes these flaws especially dangerous in environments where systems may be exposed to external networks or accessible through compromised internal systems.

CISA has added these vulnerabilities to its Known Exploited Vulnerabilities Catalog, requiring federal agencies to patch affected systems by the compliance deadline. The agency emphasizes that these vulnerabilities are currently being exploited in the wild, making immediate remediation critical.

Organizations using Siemens SICAM 8 products should immediately assess their exposure and implement the recommended security updates. Siemens Energy's security advisory provides detailed patching instructions and verification procedures to ensure successful remediation.
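One way to run that exposure assessment against an asset inventory, as an added example rather than tooling from Siemens or CISA. The CSV layout, hostnames and the `triage` and `parse_version` helpers are assumptions made for illustration; the products, CVE IDs, scores and version range are the ones given in this article.

```python
import csv
import io

# From the article: 8.0.0 through 8.0.3 vulnerable, fixed in 8.0.4. The article gives
# no range for CVE-2024-26336 (same range assumed here) and implies, rather than
# states, that the 9.8 score belongs to CVE-2024-26337.
AFFECTED = ((8, 0, 0), (8, 0, 3))
ADVISORY = {
    "SICAM SCC": [("CVE-2024-26337", 9.8), ("CVE-2024-26336", 7.5)],
    "SICAM PAS": [("CVE-2024-26335", 8.8)],
}

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE_INVENTORY = """host,product,version
substation-a-scc,SICAM SCC,8.0.2
substation-b-scc,SICAM SCC,8.0.4
control-center-pas,SICAM PAS,8.0.0
substation-c-pas,SICAM PAS,V8.0.3
lab-scc,SICAM SCC,unknown
"""

def parse_version(text):
    """Return (major, minor, patch), or None if the string is not x.y.z."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(inventory_csv):
    """List hosts that need action, highest CVSS first, unverifiable hosts last."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        cves = ADVISORY.get(row["product"].strip())
        if cves is None:
            continue  # product not named in the article
        version = parse_version(row["version"])
        if version is None:
            # Fail closed: an unreadable version is flagged, not silently cleared.
            findings.append({"host": row["host"], "status": "verify-manually",
                             "cves": [], "max_cvss": None})
        elif AFFECTED[0] <= version <= AFFECTED[1]:
            findings.append({"host": row["host"], "status": "affected",
                             "cves": [cve for cve, _ in cves],
                             "max_cvss": max(score for _, score in cves)})
    findings.sort(key=lambda f: -(f["max_cvss"] or 0))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY):
        print(finding)
```

Hosts already on 8.0.4 drop out of the result, while entries with an unparseable version string stay on the list so they are checked by hand instead of being treated as patched.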

For additional technical details, including proof-of-concept exploits and detailed vulnerability descriptions, refer to Siemens' official security advisory [SSA-2024-123] and the corresponding CVE entries in the National Vulnerability Database.
