VDB
ICSA-24-256-16
ICSA-24-256-16
PUBLISHED
CVSS 8.199999809265137 HIGH
Multiple SICAM products are affected by buffer overflow vulnerability in the IEC 61850 Client libraries from Triangle MicroWorks that could allow an unauthenticated remote attacker to create a denial of service condition by sending specially crafted MMS messages. Affected SICAM and SITIPE products: - SICAM A8000 Device firmware - ET85 for CP-8000/CP-8021/CP-8022 - ETI5 for CP-8031/CP-8050 - SICAM EGS Device firmware - ETI5 - SICAM S8000 - ETI5 - SICAM SCC - SITIPE AT Siemens has released new versions for the affected products and recommends to update to the latest versions.
Risk Scores
CVSS 3.1
8.199999809265137
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ET85 Ethernet Interface IEC61850 Ed.2 | ||
| ETI5 Ethernet Int. 1x100TX IEC61850 | ||
| SITIPE AT | ||
| SICAM SCC |
Timeline
- Sep 10, 2024 CVE Published
- Dec 9, 2025 CVE Updated
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-673996.json advisory
- https://cert-portal.siemens.com/productcert/html/ssa-673996.html advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-256-16.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-16 advisory
- https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b url
- https://support.industry.siemens.com/cs/ww/en/view/109895930/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109745469/ fix