PT-2026-39977 · Siemens · Siprotec 5 6Md89+18
Published
2026-05-12
·
Updated
2026-05-14
·
CVE-2024-54017
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SIPROTEC 5 6MD84 (CP300) versions prior to V11.0
SIPROTEC 5 6MD85 (CP200) (affected versions not specified)
SIPROTEC 5 6MD85 (CP300) versions V7.80 through V11.0
SIPROTEC 5 6MD86 (CP200) (affected versions not specified)
SIPROTEC 5 6MD86 (CP300) versions V7.80 through V11.0
SIPROTEC 5 6MD89 (CP300) versions V7.80 through V11.0
SIPROTEC 5 6MU85 (CP300) versions V7.80 through V11.0
SIPROTEC 5 7KE85 (CP200) (affected versions not specified)
SIPROTEC 5 7KE85 (CP300) versions V7.80 through V11.0
SIPROTEC 5 7SA82 (CP100) versions V7.80 and later
SIPROTEC 5 7SA82 (CP150) versions prior to V11.0
SIPROTEC 5 7SA84 (CP200) (affected versions not specified)
SIPROTEC 5 7SA86 (CP200) (affected versions not specified)
SIPROTEC 5 7SA86 (CP300) versions V7.80 through V11.0
SIPROTEC 5 7SA87 (CP200) (affected versions not specified)
SIPROTEC 5 7SA87 (CP300) versions V7.80 through V11.0
SIPROTEC 5 7SD82 (CP100) versions V7.80 and later
SIPROTEC 5 7SD82 (CP150) versions prior to V11.0
SIPROTEC 5 7SD84 (CP200) (affected versions not specified)
SIPROTEC 5 7SD86 (CP200) (affected versions not specified)
SIPROTEC 5 7SD86 (CP300) versions V7.80 through V11.0
SIPROTEC 5 7SD87 (CP200) (affected versions not specified)
SIPROTEC 5 7SD87 (CP300) versions V7.80 through V11.0
SIPROTEC 5 7SJ81 (CP100) versions V7.80 and later
SIPROTEC 5 7SJ81 (CP150) versions prior to V11.0
SIPROTEC 5 7SJ82 (CP100) versions V7.80 and later
SIPROTEC 5 7SJ82 (CP150) versions prior to V11.0
SIPROTEC 5 7SJ85 (CP200) (affected versions not specified)
SIPROTEC 5 7SJ85 (CP300) versions V7.80 through V11.0
SIPROTEC 5 7SJ86 (CP200) (affected versions not specified)
SIPROTEC 5 7SJ86 (CP300) versions V7.80 through V11.0
SIPROTEC 5 7SK82 (CP100) versions V7.80 and later
SIPROTEC 5 7SK82 (CP150) versions prior to V11.0
SIPROTEC 5 7SK85 (CP200) (affected versions not specified)
SIPROTEC 5 7SK85 (CP300) versions V7.80 through V11.0
SIPROTEC 5 7SL82 (CP100) versions V7.80 and later
SIPROTEC 5 7SL82 (CP150) versions prior to V11.0
SIPROTEC 5 7SL86 (CP200) (affected versions not specified)
SIPROTEC 5 7SL86 (CP300) versions V7.80 through V11.0
SIPROTEC 5 7SL87 (CP200) (affected versions not specified)
SIPROTEC 5 7SL87 (CP300) versions V7.80 through V11.0
SIPROTEC 5 7SS85 (CP200) (affected versions not specified)
SIPROTEC 5 7SS85 (CP300) versions V7.80 through V11.0
SIPROTEC 5 7ST85 (CP200) (affected versions not specified)
SIPROTEC 5 7ST85 (CP300) versions V7.80 through V11.0
SIPROTEC 5 7ST86 (CP300) versions prior to V11.0
SIPROTEC 5 7SX82 (CP150) versions prior to V11.0
SIPROTEC 5 7SX85 (CP300) versions prior to V11.0
SIPROTEC 5 7SY82 (CP150) versions prior to V11.0
SIPROTEC 5 7UM85 (CP300) versions V7.80 through V11.0
SIPROTEC 5 7UT82 (CP100) versions V7.80 and later
SIPROTEC 5 7UT82 (CP150) versions prior to V11.0
SIPROTEC 5 7UT85 (CP200) (affected versions not specified)
SIPROTEC 5 7UT85 (CP300) versions V7.80 through V11.0
SIPROTEC 5 7UT86 (CP200) (affected versions not specified)
SIPROTEC 5 7UT86 (CP300) versions V7.80 through V11.0
SIPROTEC 5 7UT87 (CP200) (affected versions not specified)
SIPROTEC 5 7UT87 (CP300) versions V7.80 through V11.0
SIPROTEC 5 7VE85 (CP300) versions V7.80 through V11.0
SIPROTEC 5 7VK87 (CP200) (affected versions not specified)
SIPROTEC 5 7VK87 (CP300) versions V7.80 through V11.0
SIPROTEC 5 7VU85 (CP300) versions prior to V11.0
SIPROTEC 5 Compact 7SX800 (CP050) versions prior to V11.0
Description
Devices do not use sufficiently random values when creating session identifiers. This allows an unauthenticated remote attacker to brute force a session identifier and gain unauthorized read access to limited information from the web server.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Siprotec 5 6Md84
Siprotec 5 6Md85
Siprotec 5 6Md86
Siprotec 5 6Md89
Siprotec 5 7Ke85
Siprotec 5 7Sa82
Siprotec 5 7Sa84
Siprotec 5 7Sa86
Siprotec 5 7Sa87
Siprotec 5 7Sd84
Siprotec 5 7Sj81
Siprotec 5 7Sj85
Siprotec 5 7St85
Siprotec 5 7St86
Siprotec 5 7Um85
Siprotec 5 7Ut82
Siprotec 5 7Ut87
Siprotec 5 7Vk87
Siprotec 5 Compact 7Sx800