Siemens SICAM 8 Products Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in Siemens SICAM 8 products, specifically in the CPCI85 Central Processing/Communication and RTUM85 RTU Base applications, all versions prior to 26.10. This vulnerability allows for resource exhaustion in the remote operation mode when subjected to a high volume of requests. The influx of multiple requests can deplete system resources, disrupt normal parameterization processes, and necessitate a reset or reboot to restore functionality.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the application to become unresponsive and requiring a manual reset or reboot to restore normal operation.

Remediation

Users are advised to update to Siemens SICAM 8 CPCI85 or RTUM85 version 26.10 or later. The CPCI85 V26.10 is available within the 'CP-8031/CP-8050 Package' V26.10 and the 'SICAM EGS Package' V26.10. The RTUM85 V26.10 is included in the 'CP-8010/CP-8012 Package' V26.10 and the 'SICAM S8000 Package' V26.10.