Siemens SICAM MMU, SICAM T, and SICAM SGU (ICSA-20-196-03) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on out-of-bounds read, missing authentication for critical function, missing encryption of sensitive data, use of password hash with insufficient computational effort, cross-site scripting, classic buffer overflow, basic XSS, and authentication bypass by capture-replay vulnerabilities in Siemens SICAM MMU, SICAM T, and SICAM SGU. For SICAM MMU, all versions prior to 2.05 are affected. For SICAM SGU, all versions are affected. And for and SICAM T, all versions prior to 2.18 are affected. Successful exploitation of these vulnerabilities could allow an attacker to affect the availability, read sensitive data, and gain remote code execution on the affected devices. Siemens recommends applying updates, where available, as well as implementing specific workarounds and mitigations that can reduce the risk. CISA also recommends a series of measures to mitigate the vulnerabilities. Access the advisory at CISA.