CVE-2019-10938

Name of the Vulnerable Software and Affected Versions SIPROTEC 5 devices with CPU variants CP200 versions prior to V7.59 SIPROTEC 5 devices with CPU variants CP300 and CP100 versions prior to V8.01 Siemens Power Meters Series 9410 versions prior to V2.2.1 Siemens Power Meters Series 9810 (affected versions not specified)

Description A security issue has been identified that allows an unauthenticated attacker with network access to potentially insert arbitrary code, which is executed before firmware verification in the device. There are no known public exploits of this issue at the time of advisory publication.

Recommendations For SIPROTEC 5 devices with CPU variants CP200, update to version V7.59 or later. For SIPROTEC 5 devices with CPU variants CP300 and CP100, update to version V8.01 or later. For Siemens Power Meters Series 9410, update to version V2.2.1 or later. For Siemens Power Meters Series 9810, at the moment, there is no information about a newer version that contains a fix for this vulnerability.