CVE-2023-30901: CWE-352: Cross-Site Request Forgery (CSRF) in Siemens SICAM P850
CVE-2023-30901 is a Cross-Site Request Forgery (CSRF) vulnerability affecting multiple versions of Siemens SICAM P850 and SICAM P855 devices prior to version 3.11, as well as SICAM T versions before 3.0. The vulnerability resides in the web interface of these devices, allowing an attacker to trick an authenticated user into executing unauthorized actions by clicking a malicious link. Exploitation requires user interaction but no elevated privileges or prior authentication by the attacker. The vulnerability impacts the integrity of the device’s configuration or operation but does not directly affect confidentiality or availability. Siemens has assigned a medium severity score (CVSS 4.3) to this issue. No known exploits are currently reported in the wild, and no patches are linked yet. European organizations using these Siemens industrial control devices should prioritize mitigation to prevent potential unauthorized control or manipulation of critical infrastructure components.
AI Analysis
Technical Summary
CVE-2023-30901 identifies a Cross-Site Request Forgery (CSRF) vulnerability in Siemens SICAM P850 and P855 devices, as well as SICAM T devices, specifically in their web interfaces. This vulnerability affects all versions prior to 3.11 for SICAM P850 and P855, and versions prior to 3.0 for SICAM T. The CSRF flaw allows an attacker to craft malicious web requests that, when executed by an authenticated user’s browser, perform unauthorized actions on the device without the user’s consent. Since the devices’ web interfaces do not adequately validate the origin or authenticity of state-changing requests, the attacker can exploit this by luring a legitimate user into clicking a specially crafted link or visiting a malicious webpage. The vulnerability does not require the attacker to have any privileges or prior authentication, but it does require the victim to be authenticated and interact with the malicious content. The impact is primarily on the integrity of the device’s configuration or operational state, as unauthorized commands could be issued. Confidentiality and availability impacts are not directly indicated. Siemens has assigned a CVSS v3.1 base score of 4.3 (medium severity), reflecting the network attack vector, low complexity, no privileges required, but requiring user interaction and limited impact scope. No public exploit code or known active exploitation has been reported. The vulnerability affects a wide range of SICAM P850 and P855 variants, which are used in industrial control systems for power distribution and automation, making this a concern for critical infrastructure security.
Potential Impact
For European organizations, particularly those operating critical infrastructure such as power utilities and industrial automation systems, this vulnerability poses a risk of unauthorized manipulation of control devices. Successful exploitation could allow attackers to alter device configurations or operational parameters, potentially disrupting power distribution or industrial processes. While the vulnerability does not directly compromise confidentiality or cause denial of service, unauthorized changes could lead to operational instability or safety hazards. Given the widespread deployment of Siemens SICAM devices across Europe’s energy sector, the threat could affect national grid operators, regional utilities, and industrial facilities. The requirement for user interaction somewhat limits the attack vector, but social engineering or phishing campaigns targeting control system operators could facilitate exploitation. The absence of known exploits currently reduces immediate risk, but the critical nature of affected systems means that even medium-severity vulnerabilities warrant prompt attention. Failure to mitigate could expose organizations to targeted attacks aiming to disrupt or manipulate critical infrastructure components.
Mitigation Recommendations
1. Upgrade all affected Siemens SICAM P850, P855, and SICAM T devices to version 3.11 or later, where the vulnerability is resolved.
2. If immediate patching is not possible, implement compensating controls such as restricting access to the web interface to trusted networks and users only, using network segmentation and firewalls.
3. Enforce strict authentication and session management policies to reduce the risk of session hijacking or misuse.
4. Educate and train operators and users on the risks of phishing and social engineering to prevent inadvertent interaction with malicious links.
5. Employ web application firewalls (WAFs) or intrusion prevention systems (IPS) capable of detecting and blocking CSRF attack patterns targeting the SICAM web interfaces.
6. Monitor device logs and network traffic for unusual or unauthorized configuration changes.
7. Disable or limit web interface access where possible, especially from external or less secure networks.
8. Siemens should be contacted for official patches or guidance if not publicly available, and organizations should subscribe to Siemens security advisories for updates.
9. Implement multi-factor authentication (MFA) for accessing device management interfaces to add an additional security layer.
10. Conduct regular security assessments and penetration testing focused on industrial control system interfaces to detect similar vulnerabilities.
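The missing check named in the technical summary (validating the origin of requests) can be applied in front of an unpatched device by the WAF or reverse proxy from the recommendations above. The following is an added example, not Siemens code or part of the original advisory; the host names, paths and the `classify`/`audit` helpers are assumptions made for illustration.

```python
from urllib.parse import urlsplit

UNSAFE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

def _host(url):
    """Lower-cased host[:port] of a URL; None when there is none (e.g. 'null')."""
    return urlsplit(url).netloc.lower() or None

def classify(method, headers, trusted_hosts):
    """Verdict for one request to the management interface."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    # Prefer Origin; fall back to Referer, which carries the same host information.
    claimed = h.get("origin") or h.get("referer")
    if not claimed:
        # Direct navigation sends neither header; modern browsers attach Origin
        # to POST, so an unsafe method without either header is refused.
        return "deny-no-origin" if method.upper() in UNSAFE_METHODS else "allow"
    # Exact match on host[:port]; look-alike or userinfo-prefixed hosts fail.
    return "allow" if _host(claimed) in trusted_hosts else "deny-cross-origin"

def audit(records, trusted_hosts):
    """Return (index, verdict) for every record that would be blocked."""
    out = []
    for i, (method, _path, headers) in enumerate(records):
        verdict = classify(method, headers, trusted_hosts)
        if verdict != "allow":
            out.append((i, verdict))
    return out

# Constructed sample traffic; host names and paths are placeholders.
TRUSTED = {"sicam.plant.example"}
SAMPLE = [
    ("POST", "/placeholder/settings", {"Origin": "https://sicam.plant.example"}),
    ("POST", "/placeholder/settings", {"Origin": "https://lure.example"}),
    ("GET", "/placeholder/settings?x=1", {"Referer": "https://lure.example/a.html"}),
    ("POST", "/placeholder/settings", {}),
    ("GET", "/placeholder/status", {}),
    ("POST", "/placeholder/settings", {"Origin": "null"}),
]

if __name__ == "__main__":
    for index, verdict in audit(SAMPLE, TRUSTED):
        print(index, SAMPLE[index][0], SAMPLE[index][1], verdict)
```

Requests with any method are refused when they arrive from a foreign page, because the advisory describes exploitation through a clicked link as well as a visited page; the same function can be run over recorded proxy logs to support the monitoring recommendation.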
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Poland, Sweden, Norway
Technical Details
- Data Version: 5.2
- Assigner Short Name: siemens
- Date Reserved: 2023-04-20T12:49:03.482Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 6913a08cf4d5bbdab5b1c77c
Added to database: 11/11/2025, 8:46:04 PM
Last enriched: 12/16/2025, 11:44:31 AM
Last updated: 1/18/2026, 5:01:06 AM