TheCyberThrone

SIEMENS Fixes Several Vulnerabilities in SICAM Products

Siemens has released a critical security advisory for vulnerabilities in its SICAM products that could lead to unauthorized access and data leaks. The affected products include the SICAM A8000 RTUs, SICAM EGS, and the SICAM 8 Power automation platform.

The first vulnerability, tracked as CVE-2024-37998 with a CVSS score of 9.3, allows attackers to reset administrative passwords without knowing the current one, potentially granting them full control over the affected devices.

The second vulnerability, tracked as CVE-2024-39601 with a CVSS score of 7.1, affects the firmware of these products and enables firmware downgrades, which could expose the devices to previously patched vulnerabilities.

The SICAM product line plays a crucial role in power automation and control systems, making these vulnerabilities particularly concerning for energy providers and industrial facilities.

Siemens has released new firmware versions for the affected products and strongly recommends that users update to the latest versions immediately. The company also suggests disabling the auto-login feature as a workaround for CVE-2024-37998.

Siemens also urges users to follow general security best practices, such as using strong passwords, regularly updating firmware, and implementing network segmentation.
