
Infrastructure · Credibility 40/100 · 6 min read

Infrastructure Briefing — Siemens SICAM MMU/T/SGU web interface hardening

CISA’s ICSA-20-196-03 advisory describes multiple remotely exploitable flaws across Siemens SICAM MMU, SICAM T, and SICAM SGU devices. The flaws allow remote code execution and unauthorized web access until operators deploy Siemens’ firmware updates and enforce VPN-backed segmentation.

Executive briefing: According to CISA’s ICSA-20-196-03 advisory, Siemens SICAM MMU, SICAM T, and SICAM SGU units contain multiple remotely exploitable weaknesses, including missing authentication and encryption, that can lead to remote code execution or exposure of administrative web functions.

Immediate actions for protection relay and substation teams

  • Deploy Siemens firmware updates. Siemens directs operators to upgrade SICAM MMU to v2.05 and SICAM T to v2.18, and to replace discontinued SICAM SGU units with SICAM A8000 RTUs for RTU use cases.
  • Enforce authenticated remote access. Use VPNs to provide encryption and authentication between users and devices, and keep SICAM web interfaces off routable networks.
  • Reduce browser exposure. Follow Siemens’ guidance to access devices only with modern, fully patched browsers and disable unnecessary web functionality.

Strategic follow-through

  • Segment control networks. Keep SICAM units behind dedicated firewalls and prevent direct internet exposure; allow only essential management protocols from jump hosts.
  • Protect credentials in transit. Because older devices lack encryption, wrap management traffic in VPN tunnels and rotate passwords after applying updates.
  • Document supply chain status. Track which substations still rely on legacy SICAM SGU hardware and plan migrations to supported platforms.
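
One way to turn the actions above into a repeatable inventory check. This is an added example, not code from Siemens, CISA, or this briefing's publisher; the CSV column names (`substation`, `model`, `firmware`, `mgmt_path`) and the sample rows are constructed assumptions, and only the version thresholds and the SGU replacement path come from the advisory text quoted here.

```python
import csv
import io

# Fixed firmware versions and the replacement path, as stated in the briefing.
FIXED = {"SICAM MMU": (2, 5), "SICAM T": (2, 18)}
REPLACE = {"SICAM SGU": "SICAM A8000"}

# Constructed sample inventory; the column names and values are assumptions.
SAMPLE_INVENTORY = """substation,model,firmware,mgmt_path
North-1,SICAM MMU,v2.04,vpn
North-2,SICAM MMU,v2.05,vpn
East-1,SICAM T,2.17,routed
East-2,SICAM T,2.18,vpn
South-1,SICAM SGU,,routed
West-1,SICAM T,unknown,vpn
"""


def parse_version(text):
    """Parse 'v2.05' or '2.18' into a tuple of ints for numeric comparison."""
    return tuple(int(part) for part in text.strip().lstrip("vV").split("."))


def triage(inventory_csv):
    """Return (substation, model, [findings]) for every device needing action."""
    report = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        model, findings = row["model"].strip(), []
        if model in REPLACE:
            findings.append(f"replace with {REPLACE[model]}")
        elif model in FIXED:
            try:
                if parse_version(row["firmware"]) < FIXED[model]:
                    findings.append("update firmware to v{}.{:02d}".format(*FIXED[model]))
            except ValueError:
                # Never treat an unreadable version as patched.
                findings.append("firmware version unreadable, verify on device")
        else:
            continue  # not a model covered by this advisory
        if row["mgmt_path"].strip().lower() != "vpn":
            findings.append("move web interface behind VPN")
        if findings:
            report.append((row["substation"], model, findings))
    return report


if __name__ == "__main__":
    for substation, model, findings in triage(SAMPLE_INVENTORY):
        print(f"{substation:8} {model:10} {'; '.join(findings)}")
```

Devices whose firmware field cannot be parsed are reported for manual verification rather than assumed to be patched.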

Source excerpts

Primary — exploitation risk: “Successful exploitation of these vulnerabilities could allow an attacker to affect the availability, read sensitive data, and gain remote code execution on the affected devices.”

CISA ICSA-20-196-03 (Siemens SICAM)

Primary — required updates: “SICAM MMU: Update to v2.05… SICAM SGU: For RTU applications, upgrade the discontinued SICAM SGU devices to SICAM A8000 RTUs… SICAM T: Update to v2.18.”

CISA ICSA-20-196-03 (Siemens SICAM)

Primary — added authentication controls: “The firmware updates to SICAM T and SICAM MMU introduce authentication to the web application and remove some unnecessary functionality.”

CISA ICSA-20-196-03 (Siemens SICAM)

Primary — compensating controls: “The risk for remote code execution and unauthenticated firmware installation can be mitigated by ensuring encryption and authentication between the user and the device, e.g., by VPN.”

CISA ICSA-20-196-03 (Siemens SICAM)