PT-2025-2974 · Siemens · Siprotec 5 7Sa87+16

Constantin Schieber-Knöbl +2 · Published 2025-01-14 · Updated 2025-01-15 · CVE-2024-53649

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SIPROTEC 5 6MD84 (CP300) versions prior to V9.80
SIPROTEC 5 6MD85 (CP300) versions 7.80 through 9.79
SIPROTEC 5 6MD86 (CP300) versions 7.80 through 9.79
SIPROTEC 5 6MD89 (CP300) versions 7.80 through 9.89
SIPROTEC 5 6MU85 (CP300) versions 7.80 through 9.79
SIPROTEC 5 7KE85 (CP300) versions 7.80 through 9.79
SIPROTEC 5 7SA82 (CP100) versions 7.80 and later
SIPROTEC 5 7SA82 (CP150) versions prior to V9.80
SIPROTEC 5 7SA86 (CP300) versions 7.80 through 9.79
SIPROTEC 5 7SA87 (CP300) versions 7.80 through 9.79
SIPROTEC 5 7SD82 (CP100) versions 7.80 and later
SIPROTEC 5 7SD82 (CP150) versions prior to V9.80
SIPROTEC 5 7SD86 (CP300) versions 7.80 through 9.79
SIPROTEC 5 7SD87 (CP300) versions 7.80 through 9.79
SIPROTEC 5 7SJ81 (CP100) versions 7.80 and later
SIPROTEC 5 7SJ81 (CP150) versions prior to V9.80
SIPROTEC 5 7SJ82 (CP100) versions 7.80 and later
SIPROTEC 5 7SJ82 (CP150) versions prior to V9.80
SIPROTEC 5 7SJ85 (CP300) versions 7.80 through 9.79
SIPROTEC 5 7SJ86 (CP300) versions 7.80 through 9.79
SIPROTEC 5 7SK82 (CP100) versions 7.80 and later
SIPROTEC 5 7SK82 (CP150) versions prior to V9.80
SIPROTEC 5 7SK85 (CP300) versions 7.80 through 9.79
SIPROTEC 5 7SL82 (CP100) versions 7.80 and later
SIPROTEC 5 7SL82 (CP150) versions prior to V9.80
SIPROTEC 5 7SL86 (CP300) versions 7.80 through 9.79
SIPROTEC 5 7SL87 (CP300) versions 7.80 through 9.79
SIPROTEC 5 7SS85 (CP300) versions 7.80 through 9.79
SIPROTEC 5 7ST85 (CP300) versions prior to V9.80
SIPROTEC 5 7ST86 (CP300) versions prior to V9.80
SIPROTEC 5 7SX82 (CP150) versions prior to V9.80
SIPROTEC 5 7SX85 (CP300) versions prior to V9.80
SIPROTEC 5 7SY82 (CP150) versions prior to V9.80
SIPROTEC 5 7UM85 (CP300) versions 7.80 through 9.79
SIPROTEC 5 7UT82 (CP100) versions 7.80 and later
SIPROTEC 5 7UT82 (CP150) versions prior to V9.80
SIPROTEC 5 7UT85 (CP300) versions 7.80 through 9.79
SIPROTEC 5 7UT86 (CP300) versions 7.80 through 9.79
SIPROTEC 5 7UT87 (CP300) versions 7.80 through 9.79
SIPROTEC 5 7VE85 (CP300) versions 7.80 through 9.79
SIPROTEC 5 7VK87 (CP300) versions 7.80 through 9.79
SIPROTEC 5 7VU85 (CP300) versions prior to V9.80
SIPROTEC 5 Compact 7SX800 (CP050) versions prior to V9.80

Description

The affected devices do not properly limit the path accessible via their webserver, allowing an authenticated remote attacker to read arbitrary files from the filesystem of affected devices.

Recommendations

For SIPROTEC 5 6MD84 (CP300) versions prior to V9.80, update to version V9.80 or later.
For SIPROTEC 5 6MD85 (CP300) versions 7.80 through 9.79, update to version V9.80 or later.
For SIPROTEC 5 6MD86 (CP300) versions 7.80 through 9.79, update to version V9.80 or later.
For SIPROTEC 5 6MD89 (CP300) versions 7.80 through 9.89, update to version V9.90 or later.
For SIPROTEC 5 6MU85 (CP300) versions 7.80 through 9.79, update to version V9.80 or later.
For SIPROTEC 5 7KE85 (CP300) versions 7.80 through 9.79, update to version V9.80 or later.
For SIPROTEC 5 7SA82 (CP100) versions 7.80 and later, restrict access to the webserver until a patch is available.
For SIPROTEC 5 7SA82 (CP150) versions prior to V9.80, update to version V9.80 or later.
For SIPROTEC 5 7SA86 (CP300) versions 7.80 through 9.79, update to version V9.80 or later.
For SIPROTEC 5 7SA87 (CP300) versions 7.80 through 9.79, update to version V9.80 or later.
For SIPROTEC 5 7SD82 (CP100) versions 7.80 and later, restrict access to the webserver until a patch is available.
For SIPROTEC 5 7SD82 (CP150) versions prior to V9.80, update to version V9.80 or later.
For SIPROTEC 5 7SD86 (CP300) versions 7.80 through 9.79, update to version V9.80 or later.
For SIPROTEC 5 7SD87 (CP300) versions 7.80 through 9.79, update to version V9.80 or later.
For SIPROTEC 5 7SJ81 (CP100) versions 7.80 and later, restrict access to the webserver until a patch is available.
For SIPROTEC 5 7SJ81 (CP150) versions prior to V9.80, update to version V9.80 or later.
For SIPROTEC 5 7SJ82 (CP100) versions 7.80 and later, restrict access to the webserver until a patch is available.
For SIPROTEC 5 7SJ82 (CP150) versions prior to V9.80, update to version V9.80 or later.
For SIPROTEC 5 7SJ85 (CP300) versions 7.80 through 9.79, update to version V9.80 or later.
For SIPROTEC 5 7SJ86 (CP300) versions 7.80 through 9.79, update to version V9.80 or later.
For SIPROTEC 5 7SK82 (CP100) versions 7.80 and later, restrict access to the webserver until a patch is available.
For SIPROTEC 5 7SK82 (CP150) versions prior to V9.80, update to version V9.80 or later.
For SIPROTEC 5 7SK85 (CP300) versions 7.80 through 9.79, update to version V9.80 or later.
For SIPROTEC 5 7SL82 (CP100) versions 7.80 and later, restrict access to the webserver until a patch is available.
For SIPROTEC 5 7SL82 (CP150) versions prior to V9.80, update to version V9.80 or later.
For SIPROTEC 5 7SL86 (CP300) versions 7.80 through 9.79, update to version V9.80 or later.
For SIPROTEC 5 7SL87 (CP300) versions 7.80 through 9.79, update to version V9.80 or later.
For SIPROTEC 5 7SS85 (CP300) versions 7.80 through 9.79, update to version V9.80 or later.
For SIPROTEC 5 7ST85 (CP300) versions prior to V9.80, update to version V9.80 or later.
For SIPROTEC 5 7ST86 (CP300) versions prior to V9.80, update to version V9.80 or later.
For SIPROTEC 5 7SX82 (CP150) versions prior to V9.80, update to version V9.80 or later.
For SIPROTEC 5 7SX85 (CP300) versions prior to V9.80, update to version V9.80 or later.
For SIPROTEC 5 7SY82 (CP150) versions prior to V9.80, update to version V9.80 or later.
For SIPROTEC 5 7UM85 (CP300) versions 7.80 through 9.79, update to version V9.80 or later.
For SIPROTEC 5 7UT82 (CP100) versions 7.80 and later, restrict access to the webserver until a patch is available.
For SIPROTEC 5 7UT82 (CP150) versions prior to V9.80, update to version V9.80 or later.
For SIPROTEC 5 7UT85 (CP300) versions 7.80 through 9.79, update to version V9.80 or later.
For SIPROTEC 5 7UT86 (CP300) versions 7.80 through 9.79, update to version V9.80 or later.
For SIPROTEC 5 7UT87 (CP300) versions 7.80 through 9.79, update to version V9.80 or later.
For SIPROTEC 5 7VE85 (CP300) versions 7.80 through 9.79, update to version V9.80 or later.
For SIPROTEC 5 7VK87 (CP300) versions 7.80 through 9.79, update to version V9.80 or later.
For SIPROTEC 5 7VU85 (CP300) versions prior to V9.80, update to version V9.80 or later.
For SIPROTEC 5 Compact 7SX800 (CP050) versions prior to V9.80, update to version V9.80 or later.

Fix

Files Accessible to External Parties

Weakness Enumeration

Related Identifiers

CVE-2024-53649

Affected Products

Siprotec 5 6Md84
Siprotec 5 6Md85
Siprotec 5 6Md86
Siprotec 5 6Md89
Siprotec 5 7Ke85
Siprotec 5 7Sa82
Siprotec 5 7Sa86
Siprotec 5 7Sa87
Siprotec 5 7St86
Siprotec 5 7Sj81
Siprotec 5 7Sj85
Siprotec 5 7St85
Siprotec 5 7Um85
Siprotec 5 7Ut82
Siprotec 5 7Ut87
Siprotec 5 7Vk87
Siprotec 5 Compact 7Sx800