Critical Infrastructure Security, Endpoint/Device Security

Power grids at risk from critical Siemens RTU vulnerability

SecurityWeek reports that power grids could be compromised with the exploitation of a critical vulnerability impacting Siemens' Sicam A8000 CP-8031 and CP-8050 remote terminal units with the CPCI85 firmware used in substations. Threat actors could leverage the flaw, tracked as CVE-2023-28489, to facilitate device takeovers and prompt power grid destabilization that may lead to blackouts as well as backdoor deployment, according to SEC Consult Vulnerability Lab Head Johannes Greil, who was part of the team who identified the now-patched bug. "It cannot be ruled out though that some devices might be reachable through third party support access connections or potential misconfigurations," added Greil. Aside from applying patches available in firmware versions CPCI85 V05 or later, organizations leveraging the vulnerable RTUs could also mitigate exploitation through restricted web server access on TCP ports 80 and 443. Such a flaw has also been a subject of an advisory from the Cybersecurity and Infrastructure Security Agency last month.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.