SSA-185638 PUBLISHED CVSS 4.3 MEDIUM

A vulnerability was identified in the web server module used in the following protocol firmwares of the SICAM A8000 CP-8000, CP-8021 and CP-8022 devices:

- AGPMT0 (AGP Master)
- DNPiT1 (DNP3 TCP/IP Server)
- DNPiT2 (DNP3 TCP/IP Client)
- DNPMT0 (DNP3 Master seriell)
- DNPST0 (DNP3 Slave seriell)
- ET83 (61850 Ed.1)
- ET85 (61850 Ed.2)
- MBCiT0 (MODBUS TCP/IP Client)
- MBSiT0 (MODBUS TCP/IP Server)
- MODMT2 (MODBUS Master seriell)
- OPUPT0 (OPCUA Pub/Sub)
- OPUPT1 (Mindconnect)

The vulnerability could allow unauthenticated access to the web interface of the affected web server module. The module is used for diagnostic purposes as well as commissioning and has to be activated manually within the protocol firmwares. For this reason the protocol firmwares are secure by default.

Siemens updated the manual to make the situation transparent and raise awareness for operators. Siemens recommends countermeasures for products where updates are not, or not yet, available.

Risk Scores

CVSS v3.1
4.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

Affected Products

Vendor Product Versions
CP-8000 MASTER MODULE WITH I/O -40/+70°C
CP-8021 MASTER MODULE
CP-8022 MASTER MODULE WITH GPRS
CP-8000 MASTER MODULE WITH I/O -25/+70°C
