SSA-673996 — Vulnetix

SSA-673996 PUBLISHED CVSS 8.199999809265137 HIGH

Multiple SICAM products are affected by buffer overflow vulnerability in the IEC 61850 Client libraries from Triangle MicroWorks that could allow an unauthenticated remote attacker to create a denial of service condition by sending specially crafted MMS messages. Affected SICAM and SITIPE products: - SICAM A8000 Device firmware - ET85 for CP-8000/CP-8021/CP-8022 - ETI5 for CP-8031/CP-8050 - SICAM EGS Device firmware - ETI5 - SICAM S8000 - ETI5 - SICAM SCC - SITIPE AT Siemens has released new versions for the affected products and recommends to update to the latest versions.

Risk Scores

CVSS v3.1

8.199999809265137

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Affected Products

Vendor	Product	Versions
	ET85 Ethernet Interface IEC61850 Ed.2
	ETI5 Ethernet Int. 1x100TX IEC61850
	SICAM SCC
	SITIPE AT

Timeline

Sep 10, 2024 CVE Published
Dec 9, 2025 CVE Updated

References

https://cert-portal.siemens.com/productcert/html/ssa-673996.html advisory
https://cert-portal.siemens.com/productcert/csaf/ssa-673996.json advisory
https://support.industry.siemens.com/cs/ww/en/view/109895930/ fix
https://support.industry.siemens.com/cs/ww/en/view/109745469/ fix

Open in Interactive Console →