Summary
SIPROTEC 5 is vulnerable to arbitrary file uploads by authenticated users using the DIGSI 5 protocol. This could allow an attacker to upload malicious configuration files, potentially causing a permanent denial of service condition. As a mitigation measure, users of the CP050 and CP150 device models are advised to upgrade to version 9.90 or later. For CP300 device models, devices 7ST85 and 7ST86 are advised to upgrade to version 10.00 or later, while the remaining models should upgrade to version 9.90 or later. These versions introduce an allow-list feature that restricts arbitrary file uploads and reduces the risk associated with this vulnerability. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
The following versions of Siemens SIPROTEC 5 Using DIGSI5 Protocol are affected:
- SIPROTEC 5 6MD84 (CP300) vers:all/*
- SIPROTEC 5 6MD85 (CP200) vers:all/*
- SIPROTEC 5 6MD85 (CP300) vers:all/*
- SIPROTEC 5 6MD86 (CP200) vers:all/*
- SIPROTEC 5 6MD86 (CP300) vers:all/*
- SIPROTEC 5 6MD89 (CP300) vers:all/*
- SIPROTEC 5 6MU85 (CP300) vers:all/*
- SIPROTEC 5 7KE85 (CP200) vers:all/*
- SIPROTEC 5 7KE85 (CP300) vers:all/*
- SIPROTEC 5 7SA82 (CP100) vers:all/*
- SIPROTEC 5 7SA82 (CP150) vers:all/*
- SIPROTEC 5 7SA86 (CP200) vers:all/*
- SIPROTEC 5 7SA86 (CP300) vers:all/*
- SIPROTEC 5 7SA87 (CP200) vers:all/*
- SIPROTEC 5 7SA87 (CP300) vers:all/*
- SIPROTEC 5 7SD82 (CP100) vers:all/*
- SIPROTEC 5 7SD82 (CP150) vers:all/*
- SIPROTEC 5 7SD86 (CP200) vers:all/*
- SIPROTEC 5 7SD86 (CP300) vers:all/*
- SIPROTEC 5 7SD87 (CP200) vers:all/*
- SIPROTEC 5 7SD87 (CP300) vers:all/*
- SIPROTEC 5 7SJ81 (CP100) vers:all/*
- SIPROTEC 5 7SJ81 (CP150) vers:all/*
- SIPROTEC 5 7SJ82 (CP100) vers:all/*
- SIPROTEC 5 7SJ82 (CP150) vers:all/*
- SIPROTEC 5 7SJ85 (CP200) vers:all/*
- SIPROTEC 5 7SJ85 (CP300) vers:all/*
- SIPROTEC 5 7SJ86 (CP200) vers:all/*
- SIPROTEC 5 7SJ86 (CP300) vers:all/*
- SIPROTEC 5 7SK82 (CP100) vers:all/*
- SIPROTEC 5 7SK82 (CP150) vers:all/*
- SIPROTEC 5 7SK85 (CP200) vers:all/*
- SIPROTEC 5 7SK85 (CP300) vers:all/*
- SIPROTEC 5 7SL82 (CP100) vers:all/*
- SIPROTEC 5 7SL82 (CP150) vers:all/*
- SIPROTEC 5 7SL86 (CP200) vers:all/*
- SIPROTEC 5 7SL86 (CP300) vers:all/*
- SIPROTEC 5 7SL87 (CP200) vers:all/*
- SIPROTEC 5 7SL87 (CP300) vers:all/*
- SIPROTEC 5 7SS85 (CP200) vers:all/*
- SIPROTEC 5 7SS85 (CP300) vers:all/*
- SIPROTEC 5 7ST85 (CP200) vers:all/*
- SIPROTEC 5 7ST85 (CP300) vers:all/*
- SIPROTEC 5 7ST86 (CP300) vers:all/*
- SIPROTEC 5 7SX82 (CP150) vers:all/*
- SIPROTEC 5 7SX85 (CP300) vers:all/*
- SIPROTEC 5 7SY82 (CP150) vers:all/*
- SIPROTEC 5 7UM85 (CP300) vers:all/*
- SIPROTEC 5 7UT82 (CP100) vers:all/*
- SIPROTEC 5 7UT82 (CP150) vers:all/*
- SIPROTEC 5 7UT85 (CP200) vers:all/*
- SIPROTEC 5 7UT85 (CP300) vers:all/*
- SIPROTEC 5 7UT86 (CP200) vers:all/*
- SIPROTEC 5 7UT86 (CP300) vers:all/*
- SIPROTEC 5 7UT87 (CP200) vers:all/*
- SIPROTEC 5 7UT87 (CP300) vers:all/*
- SIPROTEC 5 7VE85 (CP300) vers:all/*
- SIPROTEC 5 7VK87 (CP200) vers:all/*
- SIPROTEC 5 7VK87 (CP300) vers:all/*
- SIPROTEC 5 7VU85 (CP300) vers:all/*
- SIPROTEC 5 Compact 7SX800 (CP050) vers:all/*
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 6.1 | Siemens | Siemens SIPROTEC 5 Using DIGSI5 Protocol | Unrestricted Upload of File with Dangerous Type |
Background
- Critical Infrastructure Sectors: Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Germany
Vulnerabilities
Read the original article: