VDB

SSA-194557

SSA-194557 PUBLISHED CVSS 6.5 MEDIUM

Affected SIPROTEC 5 devices do not properly limit the access of the web server to the filesystem. This could allow an authenticated remote attacker to read arbitrary files or the entire filesystem of the device. Siemens has released new versions for the affected products and recommends to update to the latest versions.

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
SIPROTEC 5 6MD85 (CP300)
SIPROTEC 5 7SD82 (CP100)
SIPROTEC 5 6MD86 (CP300)
SIPROTEC 5 7SA82 (CP150)
SIPROTEC 5 7SA82 (CP100)
SIPROTEC 5 7KE85 (CP300)
SIPROTEC 5 7SJ85 (CP300)
SIPROTEC 5 6MU85 (CP300)
SIPROTEC 5 7SD82 (CP150)
SIPROTEC 5 7SD86 (CP300)
SIPROTEC 5 7SD87 (CP300)
SIPROTEC 5 6MD84 (CP300)
SIPROTEC 5 7SA86 (CP300)
SIPROTEC 5 7SJ81 (CP100)
SIPROTEC 5 7SJ82 (CP100)
SIPROTEC 5 7SA87 (CP300)
SIPROTEC 5 7SJ81 (CP150)
SIPROTEC 5 7SJ82 (CP150)
SIPROTEC 5 6MD89 (CP300)
SIPROTEC 5 7SJ86 (CP300)

Timeline

  • Jan 14, 2025 CVE Published
  • Nov 11, 2025 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›