Authentication Bypass Bug Hits Siemens Energy Automation Device

An authentication bypass vulnerability in a Siemens device that’s used in energy automation systems could allow an attacker to gain control of the device.

The vulnerability is in the Siemens SICAM MIC, a small telecontrol system that performs a number of functions and includes an integrated Web server and several other features. 

“The devices consist of a master control element and various I/O modules and are designed for DIN rail mounting. The master control element serves for the interfacing and supplying of the I/O modules and provides a telecommunications interface,” the Siemens documentation for the device says.

Researcher Philippe Oechslin of Objectif Sécurité discovered the authentication bypass in the SICAM MIC devices and reported it to the company, which has released an updated version of the firmware that fixes the problem.

“Attackers with network access to the device’s web interface (Port 80/TCP) could possibly circumvent authentication and perform administrative operations. A legitimate user must be logged into the web interface for the attack to be successful,” the advisory from ICS-CERT says.

Siemens has released firmware V2404 to fix the vulnerability. The bug can be exploited remotely, but ICS-CERT said in its advisory that there is no known public exploit yet.

Suggested articles