Monday, February 17, 2025
HomeCyber Security NewsSiemens Automation Device Flaw Lets Attacker Execute Remote Code

Siemens Automation Device Flaw Lets Attacker Execute Remote Code

Published on

SIEM as a Service

Follow Us on Google News

It has been discovered that the Siemens A8000 CP-8050 and CP-8031 PLCs contain a vulnerability that can be exploited for Remote Code Execution (RCE) without the need for authentication.

The Siemens SICAM A8000 is a versatile device that can be used for power distribution, transmission, and microgrids. It can also function as a communication gateway for a variety of networks and protocols.

Vulnerability Details

According to SEC Consult, which discovered the vulnerability, the Siemens A8000 CP-8050 and CP-8031 PLCs are affected.

The CPCI85 firmware of SICAM A8000 CP-8031 and CP-8050 is affected by multiple vulnerabilities, such as authenticated remote command injection, exposure of serial UART interface, and hard-coded credentials (for UART login).

CVE-2023-28489 – RCE

An attacker could exploit the flaw by sending a crafted HTTP request to the Siemens Toolbox II port 80/443; arbitrary commands can be executed without authentication.

This attack may lead to the full compromise of the device, and operation will get affected.

CVE-2023-33919 – Authenticated Command Injection

The flaw is due to a lack of input sanitation; any user with access to the SICAM WEB can execute arbitrary commands as a “root” user.

CVE-2023-33920 – Hard-coded Root Password

The “root” password hash remains the same for all the devices, so if the password is known, it could be used to log in via UART and SSH.

CVE-2023-33921 – Console Login via UART

To access the UART interface, physical access to the PCB is required. Once connected, the boot information will be displayed, followed by a login prompt.

Updates

An update to firmware CPCI85 V05 has been released by Siemens; the updates can be found here and here.

Workaround

The possible workaround is to block access to the A8000 CP-8050/CP8031 module or disable the Toolbox II communication on port 80/443 and limit physical access.

A complete report from SEC Consult can be found here.

“AI-based email security measures Protect your business From Email Threats!” – .

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Ransomware Gangs Encrypt Systems 17 Hours After Initial Infection

Ransomware gangs are accelerating their operations, with the average time-to-ransom (TTR), the period between...

Stealthy Malware in WordPress Sites Enables Remote Code Execution by Hackers

Security researchers have uncovered sophisticated malware targeting WordPress websites, leveraging hidden backdoors to enable...

Xerox Printer Vulnerability Exposes Authentication Data Via LDAP and SMB

A critical security vulnerability in Xerox’s Versalink C7025 Multifunction Printer (MFP) has been uncovered,...

New XCSSET Malware Targets macOS Users Through Infected Xcode Projects

Microsoft Threat Intelligence has identified a new variant of the XCSSET macOS malware, marking...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Ransomware Gangs Encrypt Systems 17 Hours After Initial Infection

Ransomware gangs are accelerating their operations, with the average time-to-ransom (TTR), the period between...

Stealthy Malware in WordPress Sites Enables Remote Code Execution by Hackers

Security researchers have uncovered sophisticated malware targeting WordPress websites, leveraging hidden backdoors to enable...

Xerox Printer Vulnerability Exposes Authentication Data Via LDAP and SMB

A critical security vulnerability in Xerox’s Versalink C7025 Multifunction Printer (MFP) has been uncovered,...