71 matches found
Siemens SIPROTEC 5 Small Space of Random Values (CVE-2024-54017)
Affected devices do not use sufficiently random values to create session identifiers. This could allow an unauthenticated remote attacker to brute force a session identifier and gain read access to limited information from the web server without authorization. This plugin only works with...
Siemens多款产品 代码问题漏洞
Siemens SIPROTEC 5 6MD84, among others, are relay devices produced by the German company Siemens. Several Siemens products have code vulnerabilities. These vulnerabilities stem from allowing authenticated users to upload arbitrary files via the DIGSI 5 protocol, which may lead to denial of servic...
Siemens SIPROTEC Inadequate Encryption Strength (CVE-2024-38867)
The affected devices are supporting weak ciphers on several ports 443/tcp for web, 4443/tcp for DIGSI 5 and configurable port for syslog over TLS. This could allow an unauthorized attacker in a man-in-the-middle position to decrypt any data passed over to and from those ports. This plugin only...
Siemens SIPROTEC 5 Allocation of Resources Without Limits or Throttling (CVE-2025-40570)
Affected devices do not properly limit the bandwidth for incoming network packets over their local USB port. This could allow an attacker with physical access to send specially crafted packets with high bandwidth to the affected devices thus forcing them to exhaust their memory and stop respondin...
Siemens SIPROTEC 4 and SIPROTEC 4 Compact Improper Check For Unusual or Exceptional Conditions (CVE-2024-52504)
Affected devices do not properly handle interrupted operations of file transfer. This could allow an unauthenticated remote attacker to cause a denial of service condition. To restore normal operations, the devices need to be restarted. This plugin only works with Tenable.ot. Please visit...
Siemens SIPROTEC 5 Compact 7SX800 (CP050) Local USB Port Network Packet Bandwidth Limit Improperly Vulnerability
The SIPROTEC 5 Compact 7SX800 CP050 offers a range of integrated protection, control, measurement and automation functions for substations and other applications. The Siemens SIPROTEC 5 Compact 7SX800 CP050 suffers from an improper bandwidth limitation of network packets on the local USB port...
PT-2025-32650 · Siemens · Siprotec 5 7Sa82 +16
Name of the Vulnerable Software and Affected Versions: SIPROTEC 5 6MD84 CP300 versions prior to 10.0 SIPROTEC 5 6MD85 CP300 versions 7.80 through 9.99 SIPROTEC 5 6MD86 CP300 versions 7.80 through 9.99 SIPROTEC 5 6MD89 CP300 versions 7.80 through 9.99 SIPROTEC 5 6MU85 CP300 versions 7.80 through...
Siemens多款产品 代码问题漏洞
Siemens SIPROTEC 4 is a multifunction relay from Siemens Germany. A code issue vulnerability exists in various Siemens products that stems from mishandling of a file transfer operation, which could result in a denial of service. The following products are affected: SIPROTEC 4 6MD61, 6MD63, 6MD66,...
CISA Releases Thirteen Industrial Control Systems Advisories
CISA released thirteen Industrial Control Systems ICS advisories on July 10, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-191-01 Siemens SINEC NMS ICSA-25-191-02 Siemens Solid Edge ICSA-25-191-03 Siemens TI...
PT-2025-28400 · Siemens · Siprotec 5 7Sa82 +16
Name of the Vulnerable Software and Affected Versions: SIPROTEC 5 6MD84 CP300 All versions SIPROTEC 5 6MD85 CP300 All versions SIPROTEC 5 6MD86 CP300 All versions SIPROTEC 5 6MD89 CP300 All versions SIPROTEC 5 6MD89 CP300 V9.6 All versions SIPROTEC 5 6MU85 CP300 All versions SIPROTEC 5 7KE85 CP30...
Siemens SIPROTEC 5
SUMMARY A sensitive data exposure vulnerability in SIPROTEC 5 can allow an attacker to retrieve sensitive session data from browser history, logs, or other storage mechanisms, potentially leading to unauthorized access. Siemens is preparing fix versions and recommends countermeasures for...
Siemens SIPROTEC 5 Devices Use of Default Credentials (CVE-2024-54015)
Affected devices do not properly validate SNMP GET requests. This could allow an unauthenticated, remote attacker to retrieve sensitive information of the affected devices with SNMPv2 GET requests using default credentials. This plugin only works with Tenable.ot. Please visit...
Siemens SIPROTEC 5 Active Debug Code (CVE-2024-53648)
Affected devices do not properly limit access to a development shell accessible over a physical interface. This could allow an unauthenticated attacker with physical access to the device to execute arbitrary commands on the device. This plugin only works with Tenable.ot. Please visit...
Siemens SIPROTEC 5 Cleartext Storage of Sensitive Information (CVE-2024-53651)
Affected devices do not encrypt certain data within the on-board flash storage on their PCB. This could allow an attacker with physical access to read the entire filesystem of the device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Siemens SIPROTEC 5 安全漏洞
Siemens SIPROTEC 5 is a multifunction relay from Siemens Germany. A security vulnerability exists in the Siemens SIPROTEC 5 that stems from the affected device not properly restricting access to the development shell through the physical interface. This could allow an unauthenticated attacker to...
Siemens SIPROTEC 5 安全漏洞
SIPROTEC 5 devices provide a range of integrated protection, control, measurement and automation functions for substations and other applications. A sensitive information plaintext storage vulnerability exists in Siemens SIPROTEC 5. The vulnerability arises because affected SIPROTEC 5 devices do...
Siemens SIPROTEC 5 Devices
SUMMARY An information disclosure vulnerability in SIPROTEC 5 devices could allow an unauthenticated, remote attacker to retrieve sensitive information of the device. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is...
Siemens SIPROTEC 5 Sensitive Information Plaintext Storage Vulnerability
SIPROTEC 5 devices provide a range of integrated protection, control, measurement and automation functions for substations and other applications. A sensitive information plaintext storage vulnerability exists in Siemens SIPROTEC 5. The vulnerability arises because affected SIPROTEC 5 devices do...
Siemens SIPROTEC 5 Products Files or Directories Accessible to External Parties (CVE-2024-53649)
Affected devices do not properly limit the path accessible via their webserver. This could allow an authenticated remote attacker to read arbitrary files from the filesystem of affected devices. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for...
PT-2025-2974 · Siemens · Siprotec 5 Compact 7Sx800 +16
Name of the Vulnerable Software and Affected Versions: SIPROTEC 5 6MD84 CP300 versions prior to V9.80 SIPROTEC 5 6MD85 CP300 versions 7.80 through 9.79 SIPROTEC 5 6MD86 CP300 versions 7.80 through 9.79 SIPROTEC 5 6MD89 CP300 versions 7.80 through 9.89 SIPROTEC 5 6MU85 CP300 versions 7.80 through...