SSA-194557 PUBLISHED CVSS 6.5 MEDIUM

Affected SIPROTEC 5 devices do not properly limit the web server's access to the filesystem. This could allow an authenticated remote attacker to read arbitrary files or the entire filesystem of the device. Siemens has released new versions for the affected products and recommends updating to the latest versions.

Risk Scores

CVSS v3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor    Product    Versions
SIPROTEC 5 6MD85 (CP300)
SIPROTEC 5 7SD82 (CP100)
SIPROTEC 5 6MD86 (CP300)
SIPROTEC 5 7SA82 (CP150)
SIPROTEC 5 7SA82 (CP100)
SIPROTEC 5 7KE85 (CP300)
SIPROTEC 5 7SJ85 (CP300)
SIPROTEC 5 6MU85 (CP300)
SIPROTEC 5 7SD82 (CP150)
SIPROTEC 5 7SD86 (CP300)
SIPROTEC 5 7SD87 (CP300)
SIPROTEC 5 6MD84 (CP300)
SIPROTEC 5 7SA86 (CP300)
SIPROTEC 5 7SJ81 (CP100)
SIPROTEC 5 7SJ82 (CP100)
SIPROTEC 5 7SA87 (CP300)
SIPROTEC 5 7SJ81 (CP150)
SIPROTEC 5 7SJ82 (CP150)
SIPROTEC 5 6MD89 (CP300)
SIPROTEC 5 7SJ86 (CP300)
