PatchSiren


CVE-2024-39601 Siemens CVE debrief

A firmware downgrade vulnerability in Siemens SICAM products allows attackers to roll back to older, vulnerable firmware versions. The flaw permits remote authenticated users or unauthenticated users with physical access to downgrade device firmware, potentially reintroducing known security vulnerabilities that were previously patched. This vulnerability affects CPCI85 Central Processing/Communication and SICORE Base system products used in industrial control environments.

Vendor: Siemens
Product: CPCI85 Central Processing/Communication
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-07-22
Original CVE updated: 2024-07-22
Advisory published: 2024-07-22
Advisory updated: 2024-07-22

Who should care

Organizations operating Siemens SICAM products in electrical substations, energy distribution systems, and industrial automation environments. Security teams responsible for OT/ICS infrastructure, firmware management, and patch compliance programs. Asset owners with remote management capabilities enabled on SICAM devices.

Technical summary

The vulnerability exists in the firmware update mechanism of affected Siemens SICAM products. The CPCI85 Central Processing/Communication and SICORE Base system fail to properly validate or restrict firmware downgrade operations. A remote authenticated user can exploit this via network-accessible management interfaces, while an unauthenticated attacker with physical device access can exploit it locally. Successful exploitation allows installation of older firmware versions containing known vulnerabilities that were previously remediated, effectively rolling back security patches and re-exposing the device to patched CVEs. The CVSS 3.1 score of 6.5 (Medium) reflects the high integrity impact with network attack vector, low attack complexity, and low privilege requirements.

Defensive priority

high

Recommended defensive actions

  • Apply vendor firmware updates: CPCI85 to V5.40 or later via CP-8031/CP-8050 Package V5.40; SICORE to V1.4.0 or later via SICAM 8 Software Solution Package V5.40
  • Implement network segmentation to restrict remote access to affected devices
  • Enforce strong authentication and least-privilege access controls for remote management interfaces
  • Physically secure devices to prevent unauthorized local access
  • Monitor for unexpected firmware version changes and configuration drift
  • Review and apply CISA ICS recommended practices for defense-in-depth strategies
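
One way to act on the monitoring item above, as an added example that is not Siemens or CISA code: compare two firmware inventory snapshots and flag any device whose version moved backwards or sits below the fixed releases named in the first action. The snapshot format, device names and sample versions are constructed, and the script assumes version strings are dotted numbers compared component by component; it does not query devices itself.

```python
import re

# Fixed releases as stated in the recommended actions above.
FIXED_BASELINE = {"CPCI85": (5, 40), "SICORE": (1, 4, 0)}

def parse_version(text):
    """Turn 'V5.40' or 'V1.4.0' into a tuple of ints; reject anything else."""
    m = re.fullmatch(r"[Vv]?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def older(a, b):
    """True if a is strictly older than b; shorter tuples are zero-padded."""
    width = max(len(a), len(b))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(a) < pad(b)

def audit(previous, current):
    """Compare snapshots shaped {device_id: (component, version_string)}.

    Returns sorted (device_id, finding) pairs. DOWNGRADE: the version moved
    backwards since the previous snapshot. BELOW_FIXED_VERSION: older than
    the fixed release, however the device got there.
    """
    findings = []
    for dev, (component, ver_text) in current.items():
        try:
            ver = parse_version(ver_text)
        except ValueError:
            findings.append((dev, "UNPARSEABLE_VERSION"))  # never pass silently
            continue
        prev = previous.get(dev)
        if prev and prev[0] == component:
            try:
                if older(ver, parse_version(prev[1])):
                    findings.append((dev, "DOWNGRADE"))
            except ValueError:
                pass  # unreadable previous value: no rollback comparison possible
        baseline = FIXED_BASELINE.get(component)
        if baseline and older(ver, baseline):
            findings.append((dev, "BELOW_FIXED_VERSION"))
    return sorted(findings)

# Constructed sample inventory; device names and versions are invented.
PREVIOUS = {"rtu-01": ("CPCI85", "V5.40"), "rtu-02": ("CPCI85", "V5.30"),
            "rtu-03": ("SICORE", "V1.4.0")}
CURRENT = {"rtu-01": ("CPCI85", "V5.30"), "rtu-02": ("CPCI85", "V5.40"),
           "rtu-03": ("SICORE", "V1.4.0"), "rtu-04": ("SICORE", "V1.3.0")}
```

A DOWNGRADE finding on a device that is still at or above the fixed release is worth the same follow-up, since it means someone changed firmware outside the expected update path.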

Evidence notes

CISA ICS advisory ICSA-24-207-01 published 2024-07-22 documents this vulnerability in Siemens SICAM products. The advisory confirms affected products allow firmware downgrade by remote authenticated users or unauthenticated users with physical access. Siemens ProductCERT advisory SSA-071402 provides vendor remediation guidance. CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N indicates network attack vector with low attack complexity, low privileges required, and high impact to integrity.
