Siemens SICAM A8000 RTUs

🗓️ 08 Dec 2020 00:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics🔗 www.cisa.gov👁 40 Views

Siemens SICAM A8000 RTU vulnerability allows unauthorized network access leading to read or write access. Mitigations include updating to v16, configuring secure ciphers, and implementing network protection mechanisms

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The vulnerability of the configuration of Siemens SICAM integrated web-server microprogramming software for remote terminals allows a perpetrator to gain unauthorized access to protected information.	15 Mar 202100:00	–	bdu_fstec
Circl	CVE-2020-28396	15 Dec 202000:39	–	circl
CNNVD	多款Siemens产品安全漏洞	8 Dec 202000:00	–	cnnvd
CNVD	SIEMENS SICAM A8000 RTUs SSL Configuration Insecurity Vulnerability	8 Dec 202000:00	–	cnvd
CVE	CVE-2020-28396	14 Dec 202021:05	–	cve
Cvelist	CVE-2020-28396	14 Dec 202021:05	–	cvelist
EUVD	EUVD-2020-20855	7 Oct 202500:30	–	euvd
NVD	CVE-2020-28396	14 Dec 202021:15	–	nvd
OSV	CVE-2020-28396	14 Dec 202021:15	–	osv
Tenable Nessus	Siemens Sicam Protection Mechanism Failure	10 Aug 202100:00	–	nessus

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-415783.html
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-343-07.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-20-343-07
cisa	www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
cisa	www.cisa.gov/resources-tools/resources/ics-recommended-practices
cisa	www.cisa.gov/topics/industrial-control-systems
us-cert	www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
cisa	www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
cisa	www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B

08 Dec 2020 00:00Current

7.6High risk

Vulners AI Score7.6

CVSS 24.9

CVSS 3.17.3

EPSS0.00174