The SICAM A8000 rtu (remote terminal unit) series is a modular family of devices for remote control and automation applications in all areas of energy supply. A command injection vulnerability exists in the Siemens CPCI85 Firmware of SICAM A8000 Devices, which can be exploited by an authenticated, remote attacker to inject commands executed on the device with root privileges during device startup.