SSA-767615 — Vulnetix

SSA-767615 PUBLISHED CVSS 7.5 HIGH

Affected devices do not properly validate SNMP GET requests. This could allow an unauthenticated, remote attacker to retrieve sensitive information of the affected devices with SNMPv2 GET requests using default credentials.

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Siemens	SIPROTEC 5 7SJ85 (CP300)
Siemens	SIPROTEC 5 7UT86 (CP300)
Siemens	SIPROTEC 5 7SK85 (CP300)
Siemens	SIPROTEC 5 7KE85 (CP300)
Siemens	SIPROTEC 5 7SJ82 (CP150)
Siemens	SIPROTEC 5 7VU85 (CP300)
Siemens	SIPROTEC 5 7SA87 (CP300)
Siemens	SIPROTEC 5 7UT82 (CP150)
Siemens	SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2) V9.6
Siemens	SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) V9.8
Siemens	SIPROTEC 5 7SJ86 (CP300)
Siemens	SIPROTEC 5 7SD82 (CP150)
Siemens	SIPROTEC 5 7UT87 (CP300)
Siemens	SIPROTEC 5 7SL82 (CP150)
Siemens	SIPROTEC 5 7SJ81 (CP150)
Siemens	SIPROTEC 5 7SD87 (CP300)
Siemens	SIPROTEC 5 7SK82 (CP150)
Siemens	SIPROTEC 5 7ST85 (CP300) V9.6x
Siemens	SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2)
Siemens	SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) V9.6

…and 28 more

Timeline

Feb 11, 2025 CVE Published
Aug 12, 2025 CVE Updated

References

Open in Interactive Console →