Full Report
The SICAM A8000 CP-8031 and CP-8050 devices are affected by a vulnerability that could allow an attacker with physical access to the device to decrypt the firmware. Siemens has released new firmware and hardware versions for the affected products and recommends updating to the latest versions. Both the firmware and the hardware update are required to fix the vulnerability. For details see the section “Additional Information”.
Analysis Summary
# Vulnerability: Firmware Decryption Vulnerability in SICAM A8000 CP-8031 and CP-8050
## CVE Details
- **CVE ID:** CVE-2024-53832
- **CVSS Score:** 4.6 (Medium) v3.1 / 5.1 (Medium) v4.0
- **CWE:** CWE-522: Insufficiently Protected Credentials
## Affected Systems
- **Products:**
- CPCI85 Central Processing/Communication (CP-8031 and CP-8050 variants)
- CP-8031 (6MF28031AA00)
- CP-8031 with conformal coating (6MF28031AC00)
- CP-8050 (6MF28050AA00)
- CP-8050 with conformal coating (6MF28050AC00)
- **Versions:** All versions prior to V05.30
- **Configurations:** Hardware versions earlier than "JJ" (for example, AA through II).
## Vulnerability Description
The affected devices utilize a secure element for cryptographic operations. This secure element is connected via an unencrypted Serial Peripheral Interface (SPI) bus. A vulnerability exists where the authentication password for the secure element is transmitted in the clear over this bus. An attacker with physical access to the internal SPI bus can intercept this password and subsequently use the secure element as a decryption "oracle" to decrypt any encrypted firmware update files.
## Exploitation
- **Status:** Reported via SEC Consult Vulnerability Lab; no in-the-wild exploitation is mentioned.
- **Complexity:** Low (once physical access is gained).
- **Attack Vector:** Physical
## Impact
- **Confidentiality:** High (Firmware and update files can be decrypted).
- **Integrity:** None.
- **Availability:** None.
## Remediation
### Patches
A full fix requires **both** a firmware update and a hardware replacement.
- **Firmware:** Update to **V05.30** or later. (Available within "CP-8031/CP-8050 Package" V05.30).
- **Hardware:** The firmware patch is only effective on hardware versions **"JJ" or later** (e.g., KK, LL).
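Because the fix only holds when both conditions are met, an inventory check has to evaluate firmware and hardware revision together. The following is an added example, not Siemens' or the advisory's own tooling; it assumes firmware strings of the form "V05.30", two-letter hardware revisions ordered alphabetically (AA < ... < II < JJ < KK), and uses a constructed sample inventory.

```python
import re
from dataclasses import dataclass

FIXED_FIRMWARE = (5, 30)   # CP-8031/CP-8050 Package V05.30 (from the advisory)
FIXED_HARDWARE = "JJ"      # hardware revision from which the firmware fix is effective
AFFECTED_MLFB = {          # order numbers listed in the advisory
    "6MF28031AA00", "6MF28031AC00", "6MF28050AA00", "6MF28050AC00",
}

@dataclass
class Device:
    name: str
    mlfb: str       # order number, e.g. 6MF28050AA00
    firmware: str   # e.g. "V05.20"
    hardware: str   # two-letter revision, e.g. "II"

def parse_firmware(version: str) -> tuple[int, int]:
    """Turn 'V05.30' (or '5.30') into a comparable (major, minor) tuple."""
    m = re.fullmatch(r"[Vv]?(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {version!r}")
    return int(m.group(1)), int(m.group(2))

def hardware_fixed(revision: str) -> bool:
    """Assumption: revisions are two letters compared alphabetically, JJ or later is fixed."""
    rev = revision.strip().upper()
    if not re.fullmatch(r"[A-Z]{2}", rev):
        raise ValueError(f"unrecognised hardware revision: {revision!r}")
    return rev >= FIXED_HARDWARE

def assess(device: Device) -> str:
    """Report 'fixed' only when BOTH firmware and hardware meet the advisory's requirements."""
    if device.mlfb not in AFFECTED_MLFB:
        return "not in scope"
    missing = []
    if parse_firmware(device.firmware) < FIXED_FIRMWARE:
        missing.append(f"firmware {device.firmware} < V05.30")
    if not hardware_fixed(device.hardware):
        missing.append(f"hardware {device.hardware} < JJ")
    return "fixed" if not missing else "vulnerable: " + ", ".join(missing)

# Constructed sample inventory; these are not real devices.
INVENTORY = [
    Device("rtu-01", "6MF28050AA00", "V05.20", "II"),  # neither condition met
    Device("rtu-02", "6MF28031AC00", "V05.30", "HH"),  # firmware patched, hardware too old
    Device("rtu-03", "6MF28050AC00", "V05.31", "KK"),  # fully remediated
    Device("rtu-04", "6MF28031AA00", "V04.90", "JJ"),  # hardware ok, firmware behind
]

def report(inventory=INVENTORY) -> dict[str, str]:
    return {d.name: assess(d) for d in inventory}

if __name__ == "__main__":
    for name, status in report().items():
        print(f"{name}: {status}")
```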
### Workarounds
- Ensure the device is installed in a physically secure environment to prevent unauthorized access to the SPI bus.
- Follow general security recommendations for grid design to build resilience into power systems through multi-level redundant protection schemes.
## Detection
- **Indicators of Compromise:** Signs of physical tampering with the device casing, or unauthorized hardware probes attached to the internal SPI bus.
- **Detection methods:** Regular physical audits of RTU enclosures and monitoring for unauthorized personnel in sensitive equipment areas.
## References
- **Vendor Advisory:** hxxps://cert-portal[.]siemens[.]com/productcert/html/ssa-128393[.]html
- **Firmware Download:** hxxps://support[.]industry[.]siemens[.]com/cs/ww/en/view/109804985/
- **Operational Guidelines:** hxxps://www[.]siemens[.]com/gridsecurity