{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited.",
      "tlp": {
        "label": "WHITE"
      }
    },
    "notes": [
      {
        "category": "summary",
        "text": "A vulnerability was identified in the web server module used in the\nSICAM A8000 CP-8000, CP-8021 and CP-8022 devices' protocol firmwares.\n- AGPMT0 (AGP Master)  - DNPiT1 (DNP3 TCP/IP Server)  - DNPiT2 (DNP3\nTCP/IP Client)  - DNPMT0 (DNP3 Master seriell)  - DNPST0 (DNP3 Slave\nseriell)  - ET83 (61850 Ed.1)  - ET85 (61850 Ed.2)  - MBCiT0 (MODBUS\nTCP/IP Client)  - MBSiT0 (MODBUS TCP/IP Server)  - MODMT2 (MODBUS\nMaster seriell)  - OPUPT0 (OPCUA Pub/Sub)  - OPUPT1 (Mindconnect)\nThe vulnerability could allow unauthenticated access to the web\ninterface of the affected web server module. The module is used for\ndiagnostic purposes as well as commissioning and has to be activated\nmanually within the protocol firmwares. For this reason the protocol\nfirmwares are secure by default. Siemens updated the manual to make\nthe situation transparent and raise awareness for operators.\nSiemens recommends countermeasures for products where updates are not,\nor not yet available.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "Operators of critical power systems (e.g. TSOs or DSOs) worldwide are\nusually required by regulations to build resilience into the power\ngrids by applying multi-level redundant secondary protection schemes.\nIt is therefore recommended that the operators check whether\nappropriate resilient protection measures are in place. The risk of\ncyber incidents impacting the grid's reliability can thus be minimized\nby virtue of the grid design.\n\nSiemens strongly recommends applying the provided security updates\nusing the corresponding tooling and documented procedures made\navailable with the product. If supported by the product, an automated\nmeans to apply the security updates across multiple product instances\nmay be used. Siemens strongly recommends prior validation of any\nsecurity update before being applied, and supervision by trained staff\nof the update process in the target environment.\n\nAs a general security measure Siemens strongly recommends to protect\nnetwork access with appropriate mechanisms (e.g. firewalls,\nsegmentation, VPN). It is advised to configure the environment\naccording to our operational guidelines in order to run the devices in\na protected IT environment.\n\nRecommended security guidelines can be found at:\n\nhttps://www.siemens.com/gridsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-185638: Authentication Bypass Vulnerability in SICAM A8000 Web Server Module - PDF Version",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-185638.pdf"
      },
      {
        "category": "self",
        "summary": "SSA-185638: Authentication Bypass Vulnerability in SICAM A8000 Web Server Module - TXT Version",
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-185638.txt"
      },
      {
        "category": "self",
        "summary": "SSA-185638: Authentication Bypass Vulnerability in SICAM A8000 Web Server Module - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-185638.json"
      }
    ],
    "title": "SSA-185638: Authentication Bypass Vulnerability in SICAM A8000 Web Server Module",
    "tracking": {
      "current_release_date": "2022-08-09T00:00:00Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-185638",
      "initial_release_date": "2022-08-09T00:00:00Z",
      "revision_history": [
        {
          "date": "2022-08-09T00:00:00Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C",
                  "product_id": "1",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6MF2101-0AB10-0AA0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "CP-8000 MASTER MODULE WITH I/O -25/+70\u00b0C"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C",
                  "product_id": "2",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6MF2101-1AB10-0AA0"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "CP-8000 MASTER MODULE WITH I/O -40/+70\u00b0C"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "CP-8021 MASTER MODULE",
                  "product_id": "3",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6MF2802-1AA00"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "CP-8021 MASTER MODULE"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "CP-8022 MASTER MODULE WITH GPRS",
                  "product_id": "4",
                  "product_identification_helper": {
                    "model_numbers": [
                      "6MF2802-2AA00"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "CP-8022 MASTER MODULE WITH GPRS"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-46304",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The component allows to activate a web server module which provides unauthenticated access to its web pages. This could allow an attacker to retrieve debug-level information from the component such as internal network topology or connected systems.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Operate the affected web server module only when required and consider\nthe security instructions provided in the updated manual (see also\nAdditional Information chapter)",
          "product_ids": [
            "1",
            "2",
            "3",
            "4"
          ]
        },
        {
          "category": "no_fix_planned",
          "details": "Currently no fix is planned",
          "product_ids": [
            "1",
            "2",
            "3",
            "4"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4"
          ]
        }
      ],
      "title": "CVE-2021-46304"
    }
  ]
}