PatchSiren cyber security CVE debrief
CVE-2024-37998 Siemens CVE debrief
A critical authentication bypass vulnerability in Siemens SICAM products allows unauthorized administrative access when auto login is enabled. The flaw permits password reset of administrative accounts without knowledge of the current password, enabling complete system compromise.
- Vendor
- Siemens
- Product
- CPCI85 Central Processing/Communication
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-07-22
- Original CVE updated
- 2024-07-22
- Advisory published
- 2024-07-22
- Advisory updated
- 2024-07-22
Who should care
Organizations operating Siemens SICAM CPCI85 or SICORE systems in electric power grid, industrial control, or critical infrastructure environments. Security teams responsible for OT/ICS asset protection and compliance with NERC CIP or similar critical infrastructure standards. System integrators and operators of Siemens energy automation products.
Technical summary
CVE-2024-37998 is a critical authentication bypass vulnerability affecting Siemens SICAM products including CPCI85 Central Processing/Communication and SICORE Base system. When auto login is enabled, administrative account passwords can be reset without requiring knowledge of the current password. This allows unauthenticated attackers to gain full administrative access to affected applications. The vulnerability is rated CVSS 3.1 9.8 (Critical) with attack vector network, attack complexity low, and no privileges required. Siemens has released firmware updates to address the issue: CPCI85 V5.40 and SICORE V1.4.0. CISA recommends disabling auto login as an immediate mitigation pending patching.
Defensive priority
critical
Recommended defensive actions
- Disable auto login feature immediately on affected Siemens SICAM systems per CISA and Siemens guidance
- Apply vendor firmware updates: CPCI85 to V5.40 or later via CP-8031/CP-8050 Package V5.40
- Apply vendor firmware updates: SICORE to V1.4.0 or later via SICAM 8 Software Solution Package V5.40
- Review administrative account activity for unauthorized access indicators
- Implement network segmentation for ICS/OT environments per CISA recommended practices
- Monitor for anomalous authentication events on affected systems
Evidence notes
CISA ICS advisory ICSA-24-207-01 published 2024-07-22 documents this vulnerability in Siemens SICAM products. The advisory confirms affected products include CPCI85 Central Processing/Communication and SICORE Base system. Siemens ProductCERT advisory SSA-071402 provides vendor remediation guidance. CVSS 3.1 score of 9.8 reflects network exploitable, low complexity attack with no privileges required.
Official resources
-
CVE-2024-37998 CVE record
CVE.org
-
CVE-2024-37998 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-07-22