Security Analysis of a Siemens SICAM CMIC Remote Terminal Unit

Abstract: In the power industry, electrical grids are undergoing a modernization intosmart grids. The new smart grids integrate the electrical grid and informationand communication technologies, such as software, automation, and informationprocessing. While enabling remote communication with devices on thegrid, putting the grid online also introduces some major problems, such as therisk of being the target of cyber attacks.In this thesis, a security analysis of the Siemens SICAM CMIC CP-8000 remoteterminal unit, used for remote monitoring and automation of electricalgrids is done. Threat modeling was done to identify vulnerabilities in the system,followed by a penetration test of the web interface, used to configure thedevice, as well as a couple of network attacks. During the penetration test, twocross-site scripting vulnerabilities were discovered, one of which could allowan unauthorized attacker to execute Javascript code in the victim’s browser. Itwas also discovered that a user’s login credentials are leaked in the browserconsole in cleartext when logging in.