Siemens Fixes Authentication Bypass Hole

Wednesday, July 15, 2015 @ 01:07 PM gHale

Siemens identified and fixed an authentication bypass vulnerability in its SICAM MIC telecontrol device, according to a report on ICS-CERT.

This remotely exploitable vulnerability was reported directly to Siemens by Philippe Oechslin from Objectif Sécurité.

All versions of SICAM MIC prior to V2404 suffer from the issue.

A remote attacker may be able to exploit this vulnerability to perform administrative operations.

Siemens is a multinational company headquartered in Munich, Germany.

The Siemens SICAM MIC is a modular telecontrol device for energy automation that belongs to the SICAM RTU product family. According to Siemens, SICAM MIC products are deployed across several sectors, including energy. Siemens said these products are used on a global basis.

Attackers with network access to the device’s web interface (Port 80/TCP) could possibly circumvent authentication and perform administrative operations. A legitimate user must be logged into the web interface for the attack to be successful.

CVE-2015-5386 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 8.3.

No known public exploits specifically target this vulnerability. However, an attacker with medium skill would be able to exploit this vulnerability.

Siemens provides firmware update V2404, which fixes the vulnerability and contains further security improvements. Siemens recommends customers update to the latest firmware version. The firmware update for SICAM MIC is available from Siemens.

For more information on this vulnerability and more detailed mitigation instructions, see Siemens Security Advisory SSA-632547.