Siemens sicam mic Authentication Bypass Vulnerability (CVE-2015-5386)
Siemens sicam mic Authentication Bypass Vulnerability (CVE-2015-5386)
Release date:
Updated on:
Affected Systems:
Siemens sicam mic <1, 2404
Description:
Bugtraq id: 75904
CVE (CAN) ID: CVE-2015-5386
Siemens sicam mic is an energy automation modular remote control device belonging to the sicam rtu product family.
An authentication bypass vulnerability exists in versions earlier than Siemens sicam mic 2404. Remote attackers can exploit this vulnerability to perform administrator operations by accessing the Web interface (TCP/80 port) of the device.
<* Source: Philippe Oechslin
*>
Suggestion:
Vendor patch:
Siemens
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://w3.siemens.com/smartgrid/global/en/products-systems-solutions/substation-automation/remote-terminal-units/pages/sicam-mic.aspx
This article permanently updates the link address: