Siemens has an update ready to go to mitigate an uncaught exception vulnerability in its SICAM A8000 RTU, according to NCCIC.
The SICAM A8000 RTU series is affected by a security vulnerability that could allow unauthenticated remote users to cause a denial-of-service condition on the web server of affected products. Emanuel Duss and Nicolas Heiniger from Compass Security discovered this vulnerability.
The following versions of SICAM A8000 RTU, a telecontrol and automation device, suffer from the remotely exploitable vulnerability:
• SICAM A8000 CP-8000 versions prior to v14
• SICAM A8000 CP-802X versions prior to v14
• SICAM A8000 CP-8050 versions prior to v2
Specially crafted network packets sent to Ports 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a denial-of-service condition on a web server.
CVE-2018-13798 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.3.
The product sees use mainly in the energy. It sees action on a global basis.
No known public exploits specifically target this vulnerability. However, an attacker with low skill level could leverage the vulnerability.
Siemens released updates for all product variants and recommends users update to the new versions.
Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk:
1. Limit access to the web server on Ports 80/TCP and 443/TCP with an external firewall
2. Apply a Defense-in-Depth strategy
For additional information see Siemens’ security advisory SSA-579309.