PT-2023-21948 · Siemens · Siprotec 5

Turek Witold · Published 2023-04-11 · Updated 2024-05-14 · CVE-2023-28766

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

SIPROTEC 5 6MD85 (CP300) versions 7.80 through 9.40
SIPROTEC 5 6MD86 (CP300) versions 7.80 through 9.40
SIPROTEC 5 6MD89 (CP300) versions 7.80 through 9.64
SIPROTEC 5 6MU85 (CP300) versions 7.80 through 9.40
SIPROTEC 5 7KE85 (CP300) versions 7.80 through 9.40
SIPROTEC 5 7SA82 (CP100) all versions
SIPROTEC 5 7SA82 (CP150) versions prior to 9.40
SIPROTEC 5 7SA86 (CP300) versions 7.80 through 9.40
SIPROTEC 5 7SA87 (CP300) versions 7.80 through 9.40
SIPROTEC 5 7SD82 (CP100) all versions
SIPROTEC 5 7SD82 (CP150) versions prior to 9.40
SIPROTEC 5 7SD86 (CP300) versions 7.80 through 9.40
SIPROTEC 5 7SD87 (CP300) versions 7.80 through 9.40
SIPROTEC 5 7SJ81 (CP100) versions prior to 8.89
SIPROTEC 5 7SJ81 (CP150) versions prior to 9.40
SIPROTEC 5 7SJ82 (CP100) versions prior to 8.89
SIPROTEC 5 7SJ82 (CP150) versions prior to 9.40
SIPROTEC 5 7SJ85 (CP300) versions 7.80 through 9.40
SIPROTEC 5 7SJ86 (CP300) versions 7.80 through 9.40
SIPROTEC 5 7SK82 (CP100) versions prior to 8.89
SIPROTEC 5 7SK82 (CP150) versions prior to 9.40
SIPROTEC 5 7SK85 (CP300) versions 7.80 through 9.40
SIPROTEC 5 7SL82 (CP100) all versions
SIPROTEC 5 7SL82 (CP150) versions prior to 9.40
SIPROTEC 5 7SL86 (CP300) versions 7.80 through 9.40
SIPROTEC 5 7SL87 (CP300) versions 7.80 through 9.40
SIPROTEC 5 7SS85 (CP300) versions 7.80 through 9.40
SIPROTEC 5 7ST85 (CP300) versions 7.80 through 9.64
SIPROTEC 5 7ST86 (CP300) versions 7.80 through 9.40
SIPROTEC 5 7SX82 (CP150) versions prior to 9.40
SIPROTEC 5 7SX85 (CP300) versions 7.80 through 9.40
SIPROTEC 5 7UM85 (CP300) versions 7.80 through 9.40
SIPROTEC 5 7UT82 (CP100) all versions
SIPROTEC 5 7UT82 (CP150) versions prior to 9.40
SIPROTEC 5 7UT85 (CP300) versions 7.80 through 9.40
SIPROTEC 5 7UT86 (CP300) versions 7.80 through 9.40
SIPROTEC 5 7UT87 (CP300) versions 7.80 through 9.40
SIPROTEC 5 7VE85 (CP300) versions 7.80 through 9.40
SIPROTEC 5 7VK87 (CP300) versions 7.80 through 9.40
SIPROTEC 5 7VU85 (CP300) versions 7.80 through 9.40
SIPROTEC 5 Communication Module ETH-BA-2EL versions prior to 9.40
SIPROTEC 5 Communication Module ETH-BB-2FO versions prior to 9.40
SIPROTEC 5 Communication Module ETH-BD-2FO versions prior to 9.40
SIPROTEC 5 Compact 7SX800 (CP050) versions prior to 9.40

Description

The affected devices lack proper validation of HTTP request parameters of the hosted web service. An unauthenticated remote attacker could send specially crafted packets that could cause a denial of service condition on the target device.

Recommendations

For SIPROTEC 5 6MD85 (CP300) versions 7.80 through 9.40, update to version 9.40 or later.
For SIPROTEC 5 6MD86 (CP300) versions 7.80 through 9.40, update to version 9.40 or later.
For SIPROTEC 5 6MD89 (CP300) versions 7.80 through 9.64, update to version 9.64 or later.
For SIPROTEC 5 6MU85 (CP300) versions 7.80 through 9.40, update to version 9.40 or later.
For SIPROTEC 5 7KE85 (CP300) versions 7.80 through 9.40, update to version 9.40 or later.
For SIPROTEC 5 7SA82 (CP100) all versions, update to a version with proper validation of HTTP request parameters.
For SIPROTEC 5 7SA82 (CP150) versions prior to 9.40, update to version 9.40 or later.
For SIPROTEC 5 7SA86 (CP300) versions 7.80 through 9.40, update to version 9.40 or later.
For SIPROTEC 5 7SA87 (CP300) versions 7.80 through 9.40, update to version 9.40 or later.
For SIPROTEC 5 7SD82 (CP100) all versions, update to a version with proper validation of HTTP request parameters.
For SIPROTEC 5 7SD82 (CP150) versions prior to 9.40, update to version 9.40 or later.
For SIPROTEC 5 7SD86 (CP300) versions 7.80 through 9.40, update to version 9.40 or later.
For SIPROTEC 5 7SD87 (CP300) versions 7.80 through 9.40, update to version 9.40 or later.
For SIPROTEC 5 7SJ81 (CP100) versions prior to 8.89, update to version 8.89 or later.
For SIPROTEC 5 7SJ81 (CP150) versions prior to 9.40, update to version 9.40 or later.
For SIPROTEC 5 7SJ82 (CP100) versions prior to 8.89, update to version 8.89 or later.
For SIPROTEC 5 7SJ82 (CP150) versions prior to 9.40, update to version 9.40 or later.
For SIPROTEC 5 7SJ85 (CP300) versions 7.80 through 9.40, update to version 9.40 or later.
For SIPROTEC 5 7SJ86 (CP300) versions 7.80 through 9.40, update to version 9.40 or later.
For SIPROTEC 5 7SK82 (CP100) versions prior to 8.89, update to version 8.89 or later.
For SIPROTEC 5 7SK82 (CP150) versions prior to 9.40, update to version 9.40 or later.
For SIPROTEC 5 7SK85 (CP300) versions 7.80 through 9.40, update to version 9.40 or later.
For SIPROTEC 5 7SL82 (CP100) all versions, update to a version with proper validation of HTTP request parameters.
For SIPROTEC 5 7SL82 (CP150) versions prior to 9.40, update to version 9.40 or later.
For SIPROTEC 5 7SL86 (CP300) versions 7.80 through 9.40, update to version 9.40 or later.
For SIPROTEC 5 7SL87 (CP300) versions 7.80 through 9.40, update to version 9.40 or later.
For SIPROTEC 5 7SS85 (CP300) versions 7.80 through 9.40, update to version 9.40 or later.
For SIPROTEC 5 7ST85 (CP300) versions 7.80 through 9.64, update to version 9.64 or later.
For SIPROTEC 5 7ST86 (CP300) versions 7.80 through 9.40, update to version 9.40 or later.
For SIPROTEC 5 7SX82 (CP150) versions prior to 9.40, update to version 9.40 or later.
For SIPROTEC 5 7SX85 (CP300) versions 7.80 through 9.40, update to version 9.40 or later.
For SIPROTEC 5 7UM85 (CP300) versions 7.80 through 9.40, update to version 9.40 or later.
For SIPROTEC 5 7UT82 (CP100) all versions, update to a version with proper validation of HTTP request parameters.
For SIPROTEC 5 7UT82 (CP150) versions prior to 9.40, update to version 9.40 or later.
For SIPROTEC 5 7UT85 (CP300) versions 7.80 through 9.40, update to version 9.40 or later.
For SIPROTEC 5 7UT86 (CP300) versions 7.80 through 9.40, update to version 9.40 or later.
For SIPROTEC 5 7UT87 (CP300) versions 7.80 through 9.40, update to version 9.40 or later.
For SIPROTEC 5 7VE85 (CP300) versions 7.80 through 9.40, update to version 9.40 or later.
For SIPROTEC 5 7VK87 (CP300) versions 7.80 through 9.40, update to version 9.40 or later.
For SIPROTEC 5 7VU85 (CP300) versions 7.80 through 9.40, update to version 9.40 or later.
For SIPROTEC 5 Communication Module ETH-BA-2EL versions prior to 9.40, update to version 9.40 or later.
For SIPROTEC 5 Communication Module ETH-BB-2FO versions prior to 9.40, update to version 9.40 or later.
For SIPROTEC 5 Communication Module ETH-BD-2FO versions prior to 9.40, update to version 9.40 or later.
For SIPROTEC 5 Compact 7SX800 (CP050) versions prior to 9.40, update to version 9.40 or later.

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

CVE-2023-28766

Affected Products

Siprotec 5