It has been discovered that the Siemens A8000 CP-8050 and CP-8031 PLCs contain a vulnerability that can be exploited for Remote Code Execution (RCE) without the need for authentication.
The Siemens SICAM A8000 is a versatile device that can be used for power distribution, transmission, and microgrids. It can also function as a communication gateway for a variety of networks and protocols.
According to SEC Consult, which discovered the vulnerability, the Siemens A8000 CP-8050 and CP-8031 PLCs are affected.
The CPCI85 firmware of SICAM A8000 CP-8031 and CP-8050 is affected by multiple vulnerabilities, such as authenticated remote command injection, exposure of serial UART interface, and hard-coded credentials (for UART login).
An attacker could exploit the flaw by sending a crafted HTTP request to the Siemens Toolbox II port 80/443; arbitrary commands can be executed without authentication.
This attack may lead to the full compromise of the device, and operation will get affected.
The flaw is due to a lack of input sanitation; any user with access to the SICAM WEB can execute arbitrary commands as a “root” user.
The “root” password hash remains the same for all the devices, so if the password is known, it could be used to log in via UART and SSH.
To access the UART interface, physical access to the PCB is required. Once connected, the boot information will be displayed, followed by a login prompt.
An update to firmware CPCI85 V05 has been released by Siemens; the updates can be found here and here.
The possible workaround is to block access to the A8000 CP-8050/CP8031 module or disable the Toolbox II communication on port 80/443 and limit physical access.
A complete report from SEC Consult can be found here.
“AI-based email security measures Protect your business From Email Threats!” – .
A startling discovery by BeyondTrust researchers has unveiled a critical vulnerability in Microsoft Entra ID…
The Cofense Phishing Defense Center has uncovered a highly strategic phishing campaign that leverages Google…
Cybersecurity researchers from Trustwave’s Threat Intelligence Team have uncovered a large-scale phishing campaign orchestrated by…
Cisco Talos has uncovered a series of malicious threats masquerading as legitimate AI tool installers,…
Pure Crypter, a well-known malware-as-a-service (MaaS) loader, has been recognized as a crucial tool for…
A recent discovery by security researchers at BeyondTrust has revealed a critical, yet by-design, security…
%20(1).webp?w=1600&resize=1600,900&ssl=1)
%20(1).webp?w=1600&resize=1600,900&ssl=1)