PT-2025-6197 · Siemens · Siprotec 5
Published
2025-02-11
·
Updated
2025-02-16
·
CVE-2024-54015
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
SIPROTEC 5 6MD84 (CP300) versions prior to V9.90
SIPROTEC 5 6MD85 (CP300) versions 8.80 through 9.89
SIPROTEC 5 6MD86 (CP300) versions 8.80 through 9.89
SIPROTEC 5 6MD89 (CP300) versions 8.80 through 9.89
SIPROTEC 5 6MU85 (CP300) versions 8.80 through 9.89
SIPROTEC 5 7KE85 (CP300) versions 8.80 and later
SIPROTEC 5 7SA82 (CP150) versions prior to V9.90
SIPROTEC 5 7SA86 (CP300) versions 8.80 through 9.89
SIPROTEC 5 7SA87 (CP300) versions 8.80 through 9.89
SIPROTEC 5 7SD82 (CP150) versions prior to V9.90
SIPROTEC 5 7SD86 (CP300) versions 8.80 through 9.89
SIPROTEC 5 7SD87 (CP300) versions 8.80 through 9.89
SIPROTEC 5 7SJ81 (CP150) versions prior to V9.90
SIPROTEC 5 7SJ82 (CP150) versions prior to V9.90
SIPROTEC 5 7SJ85 (CP300) versions 8.80 through 9.89
SIPROTEC 5 7SJ86 (CP300) versions 8.80 through 9.89
SIPROTEC 5 7SK82 (CP150) versions prior to V9.90
SIPROTEC 5 7SK85 (CP300) versions 8.80 through 9.89
SIPROTEC 5 7SL82 (CP150) versions prior to V9.90
SIPROTEC 5 7SL86 (CP300) versions 8.80 through 9.89
SIPROTEC 5 7SL87 (CP300) versions 8.80 through 9.89
SIPROTEC 5 7SS85 (CP300) versions 8.80 through 9.89
SIPROTEC 5 7ST85 (CP300) versions 8.80 and later
SIPROTEC 5 7ST86 (CP300) all versions
SIPROTEC 5 7SX82 (CP150) versions prior to V9.90
SIPROTEC 5 7SX85 (CP300) versions 8.80 through 9.89
SIPROTEC 5 7SY82 (CP150) versions prior to V9.90
SIPROTEC 5 7UM85 (CP300) versions 8.80 through 9.89
SIPROTEC 5 7UT82 (CP150) versions prior to V9.90
SIPROTEC 5 7UT85 (CP300) versions 8.80 through 9.89
SIPROTEC 5 7UT86 (CP300) versions 8.80 through 9.89
SIPROTEC 5 7UT87 (CP300) versions 8.80 through 9.89
SIPROTEC 5 7VE85 (CP300) versions 8.80 through 9.89
SIPROTEC 5 7VK87 (CP300) versions 8.80 through 9.89
SIPROTEC 5 7VU85 (CP300) versions prior to V9.90
SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2) versions prior to V9.90
SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) versions prior to V9.90
SIPROTEC 5 Communication Module ETH-BD-2FO versions 8.80 through 9.89
SIPROTEC 5 Compact 7SX800 (CP050) versions 9.50 through 9.89
Description:
The affected devices do not properly validate SNMP GET requests, allowing an unauthenticated, remote attacker to retrieve sensitive information using default credentials and SNMPv2 GET requests.
Recommendations:
For SIPROTEC 5 devices with versions prior to V9.90, update to version V9.90 or later.
For SIPROTEC 5 devices with versions between 8.80 and 9.89, update to version V9.90 or later.
For SIPROTEC 5 7ST85 (CP300) and SIPROTEC 5 7ST86 (CP300), update to the latest version available.
As a temporary workaround, consider restricting access to SNMP GET requests until a patch is available.
Restrict access to default credentials to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Siprotec 5