[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-siemens-sicam-8-patched-for-four-ics-vulnerabilities":10,"sections":40},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":22,"persona_id":22,"persona_name":22,"section":30,"tags":31,"sources":35,"feedback":39,"feedback_at":22,"cost_usd":39,"total_tokens":39},4778,"siemens-sicam-8-patched-for-four-ics-vulnerabilities","Siemens SICAM 8 Patched for Four ICS Vulnerabilities","Siemens has fixed four flaws in its SICAM 8 power-grid hardware, including a CVSS 7.2 privilege escalation bug affecting energy infrastructure worldwide.","Four security flaws in Siemens SICAM 8 industrial control hardware now have patches — operators running older firmware should update immediately.\n\nSiemens and CISA jointly disclosed the vulnerabilities on July 16, covering multiple SICAM 8 product lines: the A8000 device firmware, CPCI85 for CP-8031\u002FCP-8050, SICORE for CP-8010\u002FCP-8012, the EGS device firmware, and the S8000. All four CVEs affect CPCI85 versions below V26.20 and SICORE versions below V26.20.0. The fixes arrive in V26.20 and V26.20.0 respectively. The flaws range in severity: CVE-2026-54800 (insecure OPC UA defaults, CVSS 4.8) sits at the low end; CVE-2026-54801 (insufficient credential validation enabling privilege escalation, CVSS 7.2 HIGH) is the most serious of the group.\n\nSICAM 8 devices sit in critical manufacturing and energy infrastructure globally, which makes the privilege escalation flaw worth taking seriously — an authenticated attacker who clears that bar can hit confidentiality, integrity, and availability at once. The firmware-update signature bypass in CVE-2026-54799 (CVSS 6.7) is the kind of flaw that enables persistent implants, a technique increasingly common in state-sponsored ICS campaigns.\n\nThe OPC UA misconfiguration bug (CVE-2026-54800) is almost a case study in how default settings become someone else's problem: shipping with all security mechanisms disabled is a choice, and it is not a good one.","[\"ics\",\"security\",\"siemens\",\"vulnerabilities\"]","2026-07-16T12:00:00.000Z","2026-07-16T17:04:27.623Z","2026-07-16T17:04:30.430Z","published",null,[24],{"id":25,"reviewer":26,"round":27,"reason":28,"status":29},"editor-r1","editor",1,"The article states the most severe CVSS score is 7.2 but attributes it to CVE-2026-54798 (the debug interface\u002FDoS flaw), which the source scores 6.5; the 7.2 belongs to CVE-2026-54801 (the privilege escalation); fix the score-to-CVE attribution before publishing.","resolved","security",[32,30,33,34],"ics","siemens","vulnerabilities",[36],{"name":37,"url":38},"CISA Advisories","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-197-05",0,{"sections":41},[42,47,51,56,61,66,71,76,81,86,91,96,101,106],{"name":43,"slug":44,"count":45,"latest_published_at":46},"AI","ai",2596,"2026-07-16T19:59:08.000Z",{"name":48,"slug":30,"count":49,"latest_published_at":50},"Security",301,"2026-07-16T16:05:00.000Z",{"name":52,"slug":53,"count":54,"latest_published_at":55},"Deals","deals",179,"2026-06-29T20:02:07.000Z",{"name":57,"slug":58,"count":59,"latest_published_at":60},"Policy","policy",162,"2026-07-16T18:16:53.000Z",{"name":62,"slug":63,"count":64,"latest_published_at":65},"Hardware","hardware",125,"2026-07-16T15:39:09.000Z",{"name":67,"slug":68,"count":69,"latest_published_at":70},"Consumer Tech","consumer-tech",94,"2026-07-16T16:29:46.000Z",{"name":72,"slug":73,"count":74,"latest_published_at":75},"Software","software",71,"2026-07-16T15:33:28.000Z",{"name":77,"slug":78,"count":79,"latest_published_at":80},"Science","science",66,"2026-07-10T10:29:37.000Z",{"name":82,"slug":83,"count":84,"latest_published_at":85},"Dev Tools","dev-tools",60,"2026-07-16T16:59:13.000Z",{"name":87,"slug":88,"count":89,"latest_published_at":90},"Startups","startups",42,"2026-07-16T16:30:35.000Z",{"name":92,"slug":93,"count":94,"latest_published_at":95},"Gaming","gaming",41,"2026-07-09T04:00:00.000Z",{"name":97,"slug":98,"count":99,"latest_published_at":100},"General","general",29,"2026-07-10T22:28:58.000Z",{"name":102,"slug":103,"count":104,"latest_published_at":105},"Reviews","reviews",20,"2026-06-24T12:00:01.000Z",{"name":107,"slug":108,"count":109,"latest_published_at":110},"How-To","how-to",6,"2026-06-16T09:00:00.000Z"]