PT-2025-32650 · Siemens · Siprotec 5 7Sa82+16
Published
2025-08-12
·
Updated
2025-08-12
·
CVE-2025-40570
CVSS v3.1
2.4
Low
| Vector | AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions:
SIPROTEC 5 6MD84 (CP300) versions prior to 10.0
SIPROTEC 5 6MD85 (CP300) versions 7.80 through 9.99
SIPROTEC 5 6MD86 (CP300) versions 7.80 through 9.99
SIPROTEC 5 6MD89 (CP300) versions 7.80 through 9.99
SIPROTEC 5 6MU85 (CP300) versions 7.80 through 9.99
SIPROTEC 5 7KE85 (CP300) versions 7.80 through 9.99
SIPROTEC 5 7SA82 (CP150) versions prior to 10.0
SIPROTEC 5 7SA86 (CP300) versions 7.80 through 9.99
SIPROTEC 5 7SA87 (CP300) versions 7.80 through 9.99
SIPROTEC 5 7SD82 (CP150) versions prior to 10.0
SIPROTEC 5 7SD86 (CP300) versions 7.80 through 9.99
SIPROTEC 5 7SD87 (CP300) versions 7.80 through 9.99
SIPROTEC 5 7SJ81 (CP150) versions prior to 10.0
SIPROTEC 5 7SJ82 (CP150) versions prior to 10.0
SIPROTEC 5 7SJ85 (CP300) versions 7.80 through 9.99
SIPROTEC 5 7SJ86 (CP300) versions 7.80 through 9.99
SIPROTEC 5 7SK82 (CP150) versions prior to 10.0
SIPROTEC 5 7SK85 (CP300) versions 7.80 through 9.99
SIPROTEC 5 7SL82 (CP150) versions prior to 10.0
SIPROTEC 5 7SL86 (CP300) versions 7.80 through 9.99
SIPROTEC 5 7SL87 (CP300) versions 7.80 through 9.99
SIPROTEC 5 7SS85 (CP300) versions 7.80 through 9.99
SIPROTEC 5 7ST85 (CP300) versions prior to 10.0
SIPROTEC 5 7ST86 (CP300) versions prior to 10.0
SIPROTEC 5 7SX82 (CP150) versions prior to 10.0
SIPROTEC 5 7SX85 (CP300) versions prior to 10.0
SIPROTEC 5 7SY82 (CP150) versions prior to 10.0
SIPROTEC 5 7UM85 (CP300) versions 7.80 through 9.99
SIPROTEC 5 7UT82 (CP150) versions prior to 10.0
SIPROTEC 5 7UT85 (CP300) versions 7.80 through 9.99
SIPROTEC 5 7UT86 (CP300) versions 7.80 through 9.99
SIPROTEC 5 7UT87 (CP300) versions 7.80 through 9.99
SIPROTEC 5 7VE85 (CP300) versions 7.80 through 9.99
SIPROTEC 5 7VK87 (CP300) versions 7.80 through 9.99
SIPROTEC 5 7VU85 (CP300) versions prior to 10.0
SIPROTEC 5 Compact 7SX800 (CP050) versions prior to 10.0
Description:
The affected devices do not properly limit the bandwidth for incoming network packets over their local USB port. This could allow an attacker with physical access to send specially crafted packets with high bandwidth to the affected devices, causing them to exhaust their memory and stop responding to network traffic via the local USB port. Affected devices automatically reset after a successful attack. The protection function is not affected by this issue.
Recommendations:
SIPROTEC 5 6MD84 (CP300) versions prior to 10.0: Update to version 10.0 or later.
SIPROTEC 5 6MD85 (CP300) versions 7.80 through 9.99: Update to version 10.0 or later.
SIPROTEC 5 6MD86 (CP300) versions 7.80 through 9.99: Update to version 10.0 or later.
SIPROTEC 5 6MD89 (CP300) versions 7.80 through 9.99: Update to version 10.0 or later.
SIPROTEC 5 6MU85 (CP300) versions 7.80 through 9.99: Update to version 10.0 or later.
SIPROTEC 5 7KE85 (CP300) versions 7.80 through 9.99: Update to version 10.0 or later.
SIPROTEC 5 7SA82 (CP150) versions prior to 10.0: Update to version 10.0 or later.
SIPROTEC 5 7SA86 (CP300) versions 7.80 through 9.99: Update to version 10.0 or later.
SIPROTEC 5 7SA87 (CP300) versions 7.80 through 9.99: Update to version 10.0 or later.
SIPROTEC 5 7SD82 (CP150) versions prior to 10.0: Update to version 10.0 or later.
SIPROTEC 5 7SD86 (CP300) versions 7.80 through 9.99: Update to version 10.0 or later.
SIPROTEC 5 7SD87 (CP300) versions 7.80 through 9.99: Update to version 10.0 or later.
SIPROTEC 5 7SJ81 (CP150) versions prior to 10.0: Update to version 10.0 or later.
SIPROTEC 5 7SJ82 (CP150) versions prior to 10.0: Update to version 10.0 or later.
SIPROTEC 5 7SJ85 (CP300) versions 7.80 through 9.99: Update to version 10.0 or later.
SIPROTEC 5 7SJ86 (CP300) versions 7.80 through 9.99: Update to version 10.0 or later.
SIPROTEC 5 7SK82 (CP150) versions prior to 10.0: Update to version 10.0 or later.
SIPROTEC 5 7SK85 (CP300) versions 7.80 through 9.99: Update to version 10.0 or later.
SIPROTEC 5 7SL82 (CP150) versions prior to 10.0: Update to version 10.0 or later.
SIPROTEC 5 7SL86 (CP300) versions 7.80 through 9.99: Update to version 10.0 or later.
SIPROTEC 5 7SL87 (CP300) versions 7.80 through 9.99: Update to version 10.0 or later.
SIPROTEC 5 7SS85 (CP300) versions 7.80 through 9.99: Update to version 10.0 or later.
SIPROTEC 5 7ST85 (CP300) versions prior to 10.0: Update to version 10.0 or later.
SIPROTEC 5 7ST86 (CP300) versions prior to 10.0: Update to version 10.0 or later.
SIPROTEC 5 7SX82 (CP150) versions prior to 10.0: Update to version 10.0 or later.
SIPROTEC 5 7SX85 (CP300) versions prior to 10.0: Update to version 10.0 or later.
SIPROTEC 5 7SY82 (CP150) versions prior to 10.0: Update to version 10.0 or later.
SIPROTEC 5 7UM85 (CP300) versions 7.80 through 9.99: Update to version 10.0 or later.
SIPROTEC 5 7UT82 (CP150) versions prior to 10.0: Update to version 10.0 or later.
SIPROTEC 5 7UT85 (CP300) versions 7.80 through 9.99: Update to version 10.0 or later.
SIPROTEC 5 7UT86 (CP300) versions 7.80 through 9.99: Update to version 10.0 or later.
SIPROTEC 5 7UT87 (CP300) versions 7.80 through 9.99: Update to version 10.0 or later.
SIPROTEC 5 7VE85 (CP300) versions 7.80 through 9.99: Update to version 10.0 or later.
SIPROTEC 5 7VK87 (CP300) versions 7.80 through 9.99: Update to version 10.0 or later.
SIPROTEC 5 7VU85 (CP300) versions prior to 10.0: Update to version 10.0 or later.
SIPROTEC 5 Compact 7SX800 (CP050) versions prior to 10.0: Update to version 10.0 or later.
Fix
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Siprotec 5 6Md84
Siprotec 5 6Md85
Siprotec 5 6Md86
Siprotec 5 6Md89
Siprotec 5 7Ke85
Siprotec 5 7Sa82
Siprotec 5 7Sa86
Siprotec 5 7Sa87
Siprotec 5 7St86
Siprotec 5 7Sj81
Siprotec 5 7Sj85
Siprotec 5 7St85
Siprotec 5 7Um85
Siprotec 5 7Ut82
Siprotec 5 7Ut87
Siprotec 5 7Vk87
Siprotec 5 Compact 7Sx800