PatchSiren cyber security CVE debrief
CVE-2024-31486 Siemens CVE debrief
CVE-2024-31486 is a medium-severity vulnerability affecting Siemens SICAM products, specifically the OPUPI0 AMQP/MQTT module used within the CPC80 Central Processing/Communication system. The vulnerability stems from insufficient protection of MQTT client passwords stored on affected devices. An attacker with either remote shell access or physical access to the device could retrieve these credentials, resulting in confidentiality loss. The vulnerability was published on May 14, 2024, and modified on June 11, 2024, with the latter update adding acknowledgments for Constantin Schieber-Knöbl and Stefan Viehböck. Siemens has released firmware version OPUPI0 V5.30 as a remediation, available within the CP-8031/CP-8050 Package V5.30. The CVSS 3.1 vector (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) reflects that while network attack vector is possible, high attack complexity and low privileges required limit exploitability, with high impact to confidentiality but no integrity or availability impact. This vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
- Vendor
- Siemens
- Product
- CPC80 Central Processing/Communication
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-05-14
- Original CVE updated
- 2024-06-11
- Advisory published
- 2024-05-14
- Advisory updated
- 2024-06-11
Who should care
Organizations operating Siemens SICAM CPC80 Central Processing/Communication systems with OPUPI0 AMQP/MQTT modules, particularly in electric power utility and industrial control environments where MQTT is used for telemetry and messaging.
Technical summary
The OPUPI0 AMQP/MQTT module in Siemens SICAM products stores MQTT client passwords with insufficient protection. Local or remote authenticated attackers with shell access can extract credentials. Fixed in OPUPI0 V5.30.
Defensive priority
medium
Recommended defensive actions
- Apply Siemens firmware update OPUPI0 V5.30 or later, available within CP-8031/CP-8050 Package V5.30
- Restrict remote shell access to authorized personnel only and monitor for unauthorized access attempts
- Implement network segmentation to limit exposure of affected devices to untrusted networks
- Review and rotate MQTT credentials if compromise is suspected
- Follow CISA ICS recommended practices for defense-in-depth strategies
- Monitor Siemens ProductCERT advisories for additional security updates
Evidence notes
Vulnerability description and remediation details sourced from CISA CSAF advisory ICSA-24-137-02. Vendor attribution and affected product identification confirmed through CSAF product tree data. CVSS vector and remediation instructions extracted from source advisory remediations section. Timeline dates per CVE record metadata.
Official resources
-
CVE-2024-31486 CVE record
CVE.org
-
CVE-2024-31486 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-05-14