CVE-2019-10931

Name of the Vulnerable Software and Affected Versions SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules versions prior to V7.90 DIGSI 5 engineering software versions prior to V7.90 SIPROTEC 5 device types 7SS85 and 7KE85 versions prior to V8.01 SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules versions prior to V7.59 SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules versions prior to V7.59

Description A vulnerability has been identified that is related to insufficient input validation in the software. This issue can be exploited by sending specially crafted packets to port 443/TCP, potentially causing a Denial of Service condition. The vulnerability can be exploited remotely.

Recommendations For SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules, update to version V7.90 or later. For DIGSI 5 engineering software, update to version V7.90 or later. For SIPROTEC 5 device types 7SS85 and 7KE85, update to version V8.01 or later. For SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules, update to version V7.59 or later. For SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules, update to version V7.59 or later. As a temporary workaround, consider restricting access to port 443/TCP to minimize the risk of exploitation.