PatchSiren cyber security CVE debrief
CVE-2024-31485 Siemens CVE debrief
CVE-2024-31485 is a high-severity command injection vulnerability in the web interface of Siemens SICAM products, specifically affecting the CPC80 Central Processing/Communication module and related components. The vulnerability stems from missing server-side input sanitation, allowing an authenticated privileged remote attacker to execute arbitrary code with root privileges. Published on May 14, 2024, and last modified on June 11, 2024, this vulnerability carries a CVSS 3.1 score of 7.2 (HIGH). The affected products include the CPCI85 Central Processing/Communication and SICORE Base system. Siemens has released firmware updates to address this issue: CPCI85 V5.30 (available within the CP-8031/CP-8050 Package V5.30) and SICORE V1.3.0 (available within the SICAM 8 Software Solution Package V5.30). Organizations should prioritize patching, especially given the root-level code execution capability and the relatively low attack complexity. Network segmentation and strict access controls for administrative interfaces are recommended interim mitigations.
- Vendor: Siemens
- Product: CPC80 Central Processing/Communication
- CVSS: HIGH 7.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-05-14
- Original CVE updated: 2024-06-11
- Advisory published: 2024-05-14
- Advisory updated: 2024-06-11
Who should care
Organizations operating Siemens SICAM CPC80/CPCI85 Central Processing/Communication modules or SICORE Base systems in industrial control environments, particularly electric utility and critical infrastructure operators. Security teams responsible for OT/ICS asset management and patch deployment should prioritize this vulnerability due to the root-level code execution risk.
Technical summary
The web interface of affected Siemens SICAM devices fails to properly sanitize user input on the server side, resulting in a command injection vulnerability. An attacker with authenticated privileged access can inject and execute arbitrary operating system commands with root privileges. The vulnerability is remotely exploitable over the network with low attack complexity, though it requires high privileges (administrative access). The impact is severe, with complete confidentiality, integrity, and availability compromise possible. Affected products include CPCI85 Central Processing/Communication and SICORE Base system components.
Defensive priority
HIGH
Recommended defensive actions
- Apply vendor-provided firmware updates: update CPCI85 to V5.30 or later, and SICORE to V1.3.0 or later
- Restrict network access to affected device web interfaces to authorized administrative hosts only
- Implement network segmentation to isolate affected industrial control systems from untrusted networks
- Monitor for unauthorized access attempts to administrative web interfaces
- Review and enforce strong authentication mechanisms for privileged accounts on affected systems
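To turn the first action into a repeatable check, the following added example (not part of the advisory or any Siemens tooling) triages an asset inventory against the fixed versions stated above. The inventory rows and asset names are constructed, and it assumes version strings look like `V5.30` and that dotted components compare numerically.

```python
import re

# Fixed firmware versions as stated in this debrief.
FIXED = {"CPCI85": (5, 30), "SICORE": (1, 3, 0)}


def parse_version(text):
    """Turn 'V5.30' or '1.3.0' into a tuple of ints; None if unparsable."""
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+)*)\s*", text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def pad(version, length):
    """Right-pad with zeros so (5, 30) and (5, 30, 0) compare as equal."""
    return version + (0,) * (length - len(version))


def triage(inventory):
    """Return (asset, status) pairs: PATCHED, VULNERABLE or REVIEW.

    REVIEW means a manual check is needed: either the product has no fixed
    version listed in this debrief, or the version string is unreadable.
    """
    results = []
    for asset, product, version in inventory:
        fixed = FIXED.get(product.strip().upper())
        have = parse_version(version)
        if fixed is None or have is None:
            status = "REVIEW"
        else:
            n = max(len(fixed), len(have))
            status = "PATCHED" if pad(have, n) >= pad(fixed, n) else "VULNERABLE"
        results.append((asset, status))
    return results


# Constructed sample inventory: (asset name, product, reported firmware).
SAMPLE = [
    ("substation-a-rtu1", "CPCI85", "V5.20"),
    ("substation-a-rtu2", "CPCI85", "V5.30"),
    ("substation-b-rtu1", "SICORE", "V1.2.1"),
    ("substation-b-rtu2", "SICORE", "1.3.0"),
    ("substation-c-rtu1", "CPCI85", "unknown"),
    ("substation-c-rtu2", "CPC80", "V16.40"),
]

if __name__ == "__main__":
    for asset, status in triage(SAMPLE):
        print(f"{status:<10} {asset}")
```

Assets reported as CPC80 land in REVIEW because this debrief names that product but gives fixed versions only for CPCI85 and SICORE.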
Evidence notes
Vulnerability description and remediation details sourced from CISA CSAF advisory ICSA-24-137-02. CVSS vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H confirms network attack vector with high privileges required. Vendor fix versions explicitly specified in CSAF remediation section.
Official resources
- CVE-2024-31485 CVE record (CVE.org)
- CVE-2024-31485 NVD detail (NVD)
- Source item URL (cisa_csaf)
2024-05-14