Unauthorized Command Execution in Siemens SICAM Products
CVE-2020-10038

9.8CRITICAL

Key Information:

Vendor: Siemens
Status: Sicam Mmu; Sicam Sgu; Sicam T
Vendor: CVE Published:; 14 July 2020

What is CVE-2020-10038?

A critical vulnerability exists in Siemens SICAM products that could allow an attacker with access to the device's web interface to execute administrative commands without proper authentication. This flaw affects all versions of SICAM MMU prior to V2.05, all versions of SICAM SGU, and all versions of SICAM T prior to V2.18. Proper security measures should be put in place to mitigate unauthorized access risks to these devices.

Affected Version(s)

SICAM MMU All versions < V2.05

SICAM SGU All versions

SICAM T All versions < V2.18

References

https://cert-portal.siemens.com/productcert/pdf/ssa-30512...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 14, 2020
Vulnerability Reserved
Mar 4, 2020