SSA-794185
This advisory documents the impact of CVE-2024-3596 (also dubbed "Blastradius"), a vulnerability in the RADIUS protocol, on SIPROTEC, SICAM and related products. The vulnerability could allow on-path attackers, located between a Network Access Server (the RADIUS client, e.g., a SICAM device) and a RADIUS server, to forge Access-Request packets in a way that enables them to modify the corresponding server response packet at will, e.g., turning an "Access-Reject" message into an "Access-Accept". This would cause the Network Access Server to grant the attackers access to the network with the attackers' desired authorization, without the need to know or guess legitimate access credentials. Further details, including external references, can be found in the chapter "Additional Information".

Siemens has released new versions for several affected products and recommends updating to the latest versions and configuring the updated systems as recommended in the chapter "Additional Information". Siemens is preparing further fix versions and recommends specific countermeasures for products where fixes are not, or not yet, available. See the chapter "Additional Information" for details.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| | SIPROTEC 5 7KE85 (CP300) | |
| | SICAM GridEdge (Classic) | |
| | Powerlink IP | |
| | CPCI85 Central Processing/Communication | |
| | POWER METER SICAM Q100 family | |
| | SIPROTEC 5 6MD89 (CP300) V9.6x | |
| | SICAM AK 3 | |
| | POWER METER SICAM Q200 family | |
| | SIPROTEC 5 6MD89 (CP300) | |
| | SIPROTEC 5 - CP200 Devices | |
| | SICAM GridPass | |
| | SIPROTEC 5 6MU85 (CP300) | |
| | SIPROTEC 5 6MD86 (CP300) | |
| | CPC80 Central Processing/Communication | |
| | SICAM TM | |
| | SIPROTEC 5 6MD84 (CP300) | |
| | SICORE Base system | |
| | SIPROTEC 5 6MD85 (CP300) | |
| | SICAM GridEdge Applications for SICAM 8 Platform | |
| | SICAM BC | |
Exploit Intelligence
- alperenugurlu/CVE-2024-3596-Detector (github-poc)
- https://support.industry.siemens.com/cs/ww/en/view/109796884/ (circl)
- https://support.industry.siemens.com/cs/ww/en/view/109814150/ (circl)
- https://cert-portal.siemens.com/productcert/html/ssa-794185.html (circl)
- https://support.industry.siemens.com/cs/ww/en/view/109763384/ (circl)
- https://support.industry.siemens.com/cs/ww/en/view/109743524/ (circl)
- https://support.industry.siemens.com/cs/ww/en/view/109743592/ (circl)
- https://support.industry.siemens.com/cs/ww/en/view/109742950/ (circl)
- https://support.industry.siemens.com/cs/ww/en/view/109740299/ (circl)
Timeline
- May 13, 2025 CVE Published
- Nov 11, 2025 CVE Updated
References
- https://cert-portal.siemens.com/productcert/html/ssa-794185.html advisory
- https://cert-portal.siemens.com/productcert/csaf/ssa-794185.json advisory
- https://support.industry.siemens.com/cs/ww/en/view/109814150/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109757433/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109796884/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109763384/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109743524/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109743592/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109742950/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109740299/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109768428/ fix