PatchSiren

PatchSiren cyber security CVE debrief

CVE-2024-31484 Siemens CVE debrief

CVE-2024-31484 is a HIGH severity vulnerability (CVSS 7.8) affecting Siemens SICAM RTU components, published on June 11, 2024. The vulnerability stems from improper null termination during parsing of a specific HTTP header, which can lead to code execution in the context of the current process or cause denial of service conditions. The affected products include CPCX26 Central Processing/Communication, ETA4 Ethernet Interface IEC60870-5-104, ETA5 Ethernet Interface IEC61850 Ed.2, and PCCX26 Ax 1703 PE Communication Element—all components used in industrial control and substation automation environments. Siemens has released firmware updates for all affected products, which are distributed through the SICAM RTUs AK3 Package V06.02. Given the critical infrastructure context of these devices, organizations should prioritize patching and implement network segmentation to limit exposure.

Vendor: Siemens
Product: CPCX26 Central Processing/Communication
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-05-14
Original CVE updated: 2024-06-11
Advisory published: 2024-05-14
Advisory updated: 2024-06-11

Who should care

Organizations operating Siemens SICAM RTU systems in electrical substations, power generation facilities, and industrial automation environments. Critical infrastructure operators subject to NERC CIP or similar regulatory frameworks should prioritize assessment and remediation.

Technical summary

The vulnerability exists in the HTTP header parsing implementation of affected Siemens SICAM RTU devices. Improper null termination during parsing of a specific HTTP header can result in memory corruption, enabling an attacker to achieve code execution within the current process context or trigger a denial of service condition. The attack vector requires local access with user interaction (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). This affects four product variants used in power grid and industrial automation: CPCX26 Central Processing/Communication, ETA4 Ethernet Interface (IEC60870-5-104), ETA5 Ethernet Interface (IEC61850 Ed.2), and PCCX26 Ax 1703 PE Communication Element.

Defensive priority

HIGH

Recommended defensive actions

  • Apply vendor-provided firmware updates: CPCX26 to V06.02 or later, PCCX26 to V06.05 or later, ETA4 to V10.46 or later, and ETA5 to V03.27 or later, available through SICAM RTUs AK3 Package V06.02
  • Restrict network access to affected devices using firewall rules and network segmentation
  • Monitor for anomalous HTTP traffic targeting SICAM RTU devices
  • Implement defense-in-depth strategies for industrial control systems per CISA guidance
  • Review and update incident response procedures for industrial control system compromises
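
As an added example (not code from Siemens, CISA, or PatchSiren), the script below triages a firmware inventory against the fixed versions listed in the first action above. The inventory layout, hostnames, function names, and the assumption that versions follow a two-part `Vxx.yy` pattern compared numerically are all illustrative.

```python
import re

# Minimum fixed firmware versions, taken from the recommended actions above.
FIXED = {
    "CPCX26": (6, 2),
    "PCCX26": (6, 5),
    "ETA4": (10, 46),
    "ETA5": (3, 27),
}

# Assumption: versions look like "V06.02" (optional V, two numeric parts).
_VERSION = re.compile(r"^V?(\d+)\.(\d+)$", re.IGNORECASE)


def parse_version(text):
    """Parse a 'V06.02' style string into a comparable (major, minor) tuple."""
    match = _VERSION.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return int(match.group(1)), int(match.group(2))


def assess(product, version):
    """Return 'patched', 'vulnerable', or 'unknown' for one inventory row."""
    minimum = FIXED.get(product.strip().upper())
    if minimum is None:
        return "unknown"  # product is not covered by this advisory
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"  # unreadable version: flag for manual review
    return "patched" if installed >= minimum else "vulnerable"


def triage(inventory):
    """Group (host, product, version) rows by assessment result."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, product, version in inventory:
        report[assess(product, version)].append(host)
    return report


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE = [("rtu-a", "CPCX26", "V06.01"), ("rtu-b", "CPCX26", "V06.02"),
          ("rtu-c", "ETA4", "V10.45"), ("rtu-d", "ETA5", "V03.27"),
          ("rtu-e", "PCCX26", "V06.04"), ("rtu-f", "ETA4", "n/a")]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Rows reported as unknown carry a version string the script could not read or a product outside this advisory, so they need manual review rather than being treated as patched.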

Evidence notes

Vulnerability details and remediation guidance sourced from CISA ICS advisory ICSA-24-165-09 and Siemens security advisory SSA-620338. CVSS 3.1 vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Official resources

2024-06-11