Siemens Patches Power Grid Product Flaw Allowing Backdoor Deployment

24-July-24

Siemens has issued out-of-band patches to address two significant vulnerabilities in its Sicam power grid products, including the Sicam A8000 RTU, Sicam Enhanced Grid Sensor (EGS), and Sicam 8 software. The critical vulnerability (CVE-2024-37998) allows unauthorized attackers to reset admin passwords if auto-login is enabled. The medium-severity vulnerability (CVE-2024-39601) lets attackers downgrade device firmware to versions with known vulnerabilities, potentially enabling backdoor deployment. Siemens has released firmware updates and provided workarounds to mitigate these risks.
