VDB
SSA-194557
SSA-194557
PUBLISHED
CVSS 6.5 MEDIUM
Affected SIPROTEC 5 devices do not properly limit the access of the web server to the filesystem. This could allow an authenticated remote attacker to read arbitrary files or the entire filesystem of the device. Siemens has released new versions for the affected products and recommends to update to the latest versions.
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SIPROTEC 5 6MD85 (CP300) | ||
| SIPROTEC 5 7SD82 (CP100) | ||
| SIPROTEC 5 6MD86 (CP300) | ||
| SIPROTEC 5 7SA82 (CP150) | ||
| SIPROTEC 5 7SA82 (CP100) | ||
| SIPROTEC 5 7KE85 (CP300) | ||
| SIPROTEC 5 7SJ85 (CP300) | ||
| SIPROTEC 5 6MU85 (CP300) | ||
| SIPROTEC 5 7SD82 (CP150) | ||
| SIPROTEC 5 7SD86 (CP300) | ||
| SIPROTEC 5 7SD87 (CP300) | ||
| SIPROTEC 5 6MD84 (CP300) | ||
| SIPROTEC 5 7SA86 (CP300) | ||
| SIPROTEC 5 7SJ81 (CP100) | ||
| SIPROTEC 5 7SJ82 (CP100) | ||
| SIPROTEC 5 7SA87 (CP300) | ||
| SIPROTEC 5 7SJ81 (CP150) | ||
| SIPROTEC 5 7SJ82 (CP150) | ||
| SIPROTEC 5 6MD89 (CP300) | ||
| SIPROTEC 5 7SJ86 (CP300) |
Exploit Intelligence
- https://cert-portal.siemens.com/productcert/html/ssa-194557.html (circl)
- https://cert-portal.siemens.com/productcert/csaf/ssa-194557.json (circl)
- https://support.industry.siemens.com/cs/ww/en/view/109742950/ (circl)
- https://support.industry.siemens.com/cs/ww/en/view/109814150/ (circl)
- https://support.industry.siemens.com/cs/ww/en/view/109757428/ (circl)
- https://support.industry.siemens.com/cs/ww/en/view/109796884/ (circl)
Timeline
- Jan 14, 2025 CVE Published
- Nov 11, 2025 CVE Updated
References
- https://cert-portal.siemens.com/productcert/html/ssa-194557.html advisory
- https://cert-portal.siemens.com/productcert/csaf/ssa-194557.json advisory
- https://support.industry.siemens.com/cs/ww/en/view/109742950/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109814150/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109757428/ fix
- https://support.industry.siemens.com/cs/ww/en/view/109796884/ fix