Siemens SICAM MMU, SICAM T, and SICAM SGU Authentication Bypass By Capture-Replay (CVE-2020-10045)

high Tenable OT Security Plugin ID 500399

Synopsis

The remote OT asset is affected by a vulnerability.

Description

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An error in the challenge-response procedure could allow an attacker to replay authentication traffic and gain access to protected areas of the web application.

This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original can be found at CISA.gov.

Siemens recommends applying updates, where available:

- SICAM MMU: Update to v2.05
- SICAM SGU: For RTU applications, upgrade the discontinued SICAM SGU devices to SICAM A8000 RTUs.
- SICAM T: Update to v2.18

Siemens has identified the following specific workarounds and mitigations that users can apply to reduce the risk:

- The firmware updates to SICAM T and SICAM MMU introduce authentication to the web application and remove some unnecessary functionality. The web authentication functionality reduces the risk of access to the device’s web application for executing administrative commands by unauthenticated users.
- Due to hardware constraints, encryption is not possible on the devices. Confidential data such as passwords handled by the devices need to be protected on the network by other means, e.g., by VPN.
- The risk for remote code execution and unauthenticated firmware installation can be mitigated by ensuring encryption and authentication between the user and the device, e.g., by VPN.
- Use a modern and up to date browser.

As a general security measure, Siemens strongly recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to the Siemens operational guidelines for Industrial Security and following the recommendations in the product manuals.

For additional information, please refer to Siemens Security Advisory SSA-305120

See Also

https://cert-portal.siemens.com/productcert/pdf/ssa-305120.pdf

https://www.cisa.gov/news-events/ics-advisories/icsa-20-196-03

Plugin Details

Severity: High

ID: 500399

Version: 1.9

Type: remote

Family: Tenable.ot

Published: 2/7/2022

Updated: 9/4/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-10045

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:siemens:sicam_mmu_firmware, cpe:/o:siemens:sicam_t_firmware, cpe:/o:siemens:sicam_sgu_firmware:-

Required KB Items: Tenable.ot/Siemens

Exploit Ease: No known exploits are available

Patch Publication Date: 7/14/2020

Vulnerability Publication Date: 7/14/2020

Reference Information

CVE: CVE-2020-10045

CWE: 294

ICSA: 20-196-03