Critical Siemens RTU Vulnerability Could Allow Hackers to Destabilize Power Grid


Thread author
Staff Member
Malware Hunter
Jul 27, 2015
A critical vulnerability affecting some of Siemens’ industrial control systems (ICS) designed for the energy sector could allow malicious hackers to destabilize a power grid, according to the researchers who found the security hole.

The vulnerability, tracked as CVE-2023-28489, impacts the CPCI85 firmware of Sicam A8000 CP-8031 and CP-8050 products, and it can be exploited by an unauthenticated attacker for remote code execution. These products are remote terminal units (RTUs) designed for telecontrol and automation in the energy supply sector, particularly for substations. Patches are available in firmware versions CPCI85 V05 or later, and the German industrial giant also noted that the risk of exploitation can be reduced by limiting access to the web server on TCP ports 80 and 443 using a firewall.
Johannes Greil, head of the SEC Consult Vulnerability Lab, told SecurityWeek that an attacker who can exploit CVE-2023-28489 can take complete control of a device and they could potentially destabilize a power grid and possibly even cause blackouts by changing critical automation parameters. Threat actors could also leverage the vulnerability to implement backdoors. However, the expert noted that since these devices are mostly used in critical infrastructure environments, they are typically ‘strongly firewalled’ and are not accessible directly from the internet. “It cannot be ruled out though that some devices might be reachable through 3rd party support access connections or potential misconfigurations,” Greil explained.

Exploitation of CVE-2023-28489 can allow an attacker who has network access to the targeted device to gain full root access without any prior authentication. Exploitation of the flaw involves sending a specially crafted HTTP request to the targeted RTU. The US Cybersecurity and Infrastructure Security Agency (CISA) also published an advisory in April to inform organizations about the vulnerability. Greil pointed out that Siemens Sicam products are among the first devices in the world to receive ‘maturity level 4’ certification in the Industrial Cyber Security category. This certification, IEC62443-4-1, indicates that security was an important factor throughout the design and development process and that the product has undergone rigorous testing. SEC Consult is currently not releasing any technical details to prevent malicious hackers from potentially misusing the information.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.