Siemens industrial control systems (ICS) contain a critical vulnerability that could allow an attacker to destabilise a power grid, putting the energy sector at risk. According to reports, the flaw is tracked as CVE-2023-28489 and affects the CPCI85 firmware of the Sicam CP-8050 and A8000 CP-8031 products.
Exploiting the flaw could give an attacker remote code execution on the device. Siemens built these remote terminal units (RTUs) for telecontrol and automation in the energy supply sector, particularly in substations.
Fortunately, Siemens has rolled out a fix in firmware version CPCI85 V05 and later. The company also noted that operators can mitigate the risk by limiting access to the device's web server on TCP ports 80 and 443 with a firewall.
Siemens said it learned of the vulnerability in the early weeks of last month.
According to the investigation, Siemens received a threat report from a source about a flaw that could enable a threat actor to exploit some of its systems.
The researchers explained that a malicious individual exploiting the critical vulnerability would gain full control of the device and could potentially destabilise a power grid. A successful attack could therefore cause blackouts by altering essential automation parameters, and a threat actor could also use the bug to deploy additional backdoors.
However, the same researchers noted that the potentially affected devices sit mostly inside critical infrastructure environments, meaning they are neither hardened on their own nor directly reachable from the internet.
Exploiting CVE-2023-28489 could let an attacker with network access to the targeted device obtain full root access without any authentication. The attack involves sending a specially crafted HTTP request to the RTU.
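Since the flaw is reached over the RTU's web server and the fix lives in CPCI85 V05, a defender's two immediate tasks are to find devices still on older firmware and to restrict TCP 80/443 on the remaining ones to a trusted engineering network, as the advisory summary above recommends. The script below is an added example, not Siemens code or tooling; the inventory, IP addresses and engineering subnet are constructed placeholders, and the version-string format it parses (`CPCI85 V04.70`) is an assumption.

```python
import re
from ipaddress import ip_address, ip_network

# Firmware major version from which the fix is available (CPCI85 V05 and later).
FIXED_MAJOR = 5

# Constructed sample inventory: hypothetical RTU addresses and firmware strings.
INVENTORY = {
    "10.10.5.11": "CPCI85 V04.70",
    "10.10.5.12": "CPCI85 V05",
    "10.10.5.13": "CPCI85 V05.20",
}

# Assumed version-string shape: product code, then 'V' + major[.minor].
_VER = re.compile(r"^CPCI85\s+V(\d+)(?:\.(\d+))?$", re.IGNORECASE)

def parse_version(fw: str) -> tuple[int, int]:
    """Return (major, minor) from a firmware string such as 'CPCI85 V04.70'."""
    m = _VER.match(fw.strip())
    if not m:
        raise ValueError(f"unrecognised firmware string: {fw!r}")
    return int(m.group(1)), int(m.group(2) or 0)

def needs_patch(fw: str) -> bool:
    """True when the firmware predates the fixed V05 branch."""
    major, _minor = parse_version(fw)
    return major < FIXED_MAJOR

def unpatched_hosts(inventory: dict[str, str]) -> list[str]:
    """List the RTU addresses whose firmware still needs the update."""
    return sorted((ip for ip, fw in inventory.items() if needs_patch(fw)), key=ip_address)

def nft_ruleset(rtu_ips, engineering_net: str) -> str:
    """Build an nftables ruleset that lets only the engineering network reach
    each RTU's web server on TCP 80/443 and drops everyone else."""
    net = ip_network(engineering_net)
    lines = ["table inet rtu_web_guard {",
             "  chain forward {",
             "    type filter hook forward priority 0; policy accept;"]
    for ip in sorted(rtu_ips, key=ip_address):
        lines.append(f"    ip daddr {ip} tcp dport {{ 80, 443 }} ip saddr {net} accept")
        lines.append(f"    ip daddr {ip} tcp dport {{ 80, 443 }} drop")
    lines += ["  }", "}"]
    return "\n".join(lines)

if __name__ == "__main__":
    print("still needs patch:", unpatched_hosts(INVENTORY))
    print(nft_ruleset(INVENTORY, "10.0.100.0/24"))
```

The generated ruleset is meant for a firewall in the forward path between the engineering network and the RTUs; it applies to every inventoried device, not only the unpatched ones, since the web server should not be exposed even after the update.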
The researchers have released only the details mentioned above and have withheld further technical information to prevent malicious actors from misusing it.
However, a source claimed to have discovered several other bugs in Siemens products that already have fixes, some of which are beginning to roll out.