ID

VAR-202407-0704


CVE

CVE-2024-39601


TITLE

Missing authentication vulnerability for key functions in multiple SICAM products

Trust: 0.6

sources: CNVD: CNVD-2024-33448

DESCRIPTION

A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). Affected devices allow a remote authenticated user or an unauthenticated user with physical access to downgrade the firmware of the device. This could allow an attacker to downgrade the device to older versions with known vulnerabilities.

SICAM 8 Power automation platform is a universal, all-in-one hardware and software-based solution for all applications in the power supply sector. SICAM A8000 RTUs are modular devices for remote control and automation applications in all energy supply sectors. SICAM EGS is the gateway for local substations in distribution networks.

Trust: 1.44

sources: NVD: CVE-2024-39601 // CNVD: CNVD-2024-33448

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-33448

AFFECTED PRODUCTS

vendor: siemens, model: cpci85 central processing/communication, scope: lt, version: 5.40

Trust: 0.6

vendor: siemens, model: sicore base system, scope: lt, version: 1.4.0

Trust: 0.6

sources: CNVD: CNVD-2024-33448

CVSS

SEVERITY

productcert@siemens.com: CVE-2024-39601
value: HIGH

Trust: 1.0

CNVD: CNVD-2024-33448
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2024-33448
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

productcert@siemens.com: CVE-2024-39601
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-33448 // NVD: CVE-2024-39601

PROBLEMTYPE DATA

problemtype: CWE-306

Trust: 1.0

sources: NVD: CVE-2024-39601

PATCH

title: Patch for missing authentication vulnerability for key functions in multiple SICAM products, url: https://www.cnvd.org.cn/patchInfo/show/573546

Trust: 0.6

sources: CNVD: CNVD-2024-33448

EXTERNAL IDS

db: NVD, id: CVE-2024-39601

Trust: 1.6

db: SIEMENS, id: SSA-071402

Trust: 1.6

db: CNVD, id: CNVD-2024-33448

Trust: 0.6

sources: CNVD: CNVD-2024-33448 // NVD: CVE-2024-39601

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-071402.html

Trust: 1.6

sources: CNVD: CNVD-2024-33448 // NVD: CVE-2024-39601

SOURCES

db: CNVD, id: CNVD-2024-33448
db: NVD, id: CVE-2024-39601

LAST UPDATE DATE

2024-08-14T14:42:34.156000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-33448, date: 2024-07-23T00:00:00
db: NVD, id: CVE-2024-39601, date: 2024-07-24T12:55:13.223

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-33448, date: 2024-07-23T00:00:00
db: NVD, id: CVE-2024-39601, date: 2024-07-22T14:15:06.107