cvelistv5 - cve-2024-53649

CVE-2024-53649 (GCVE-0-2024-53649)

Vulnerability from cvelistv5 – Published: 2025-01-14 10:30 – Updated: 2025-11-11 20:20

Summary

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.80), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V9.68), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SA82 (CP100) (All versions >= V7.80 < V8.90), SIPROTEC 5 7SA82 (CP150) (All versions < V9.80), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SD82 (CP100) (All versions >= V7.80 < V8.90), SIPROTEC 5 7SD82 (CP150) (All versions < V9.80), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SJ81 (CP100) (All versions >= V7.80 < V8.90), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.80), SIPROTEC 5 7SJ82 (CP100) (All versions >= V7.80 < V8.90), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.80), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SK82 (CP100) (All versions >= V7.80 < V8.90), SIPROTEC 5 7SK82 (CP150) (All versions < V9.80), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SL82 (CP100) (All versions >= V7.80 < V8.90), SIPROTEC 5 7SL82 (CP150) (All versions < V9.80), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7ST85 (CP300) (All versions < V9.68), SIPROTEC 5 7ST86 (CP300) (All versions < V9.80), SIPROTEC 5 7SX82 (CP150) (All versions < V9.80), SIPROTEC 5 7SX85 (CP300) (All versions < V9.80), SIPROTEC 5 7SY82 (CP150) (All versions < V9.80), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7UT82 (CP100) (All versions >= V7.80 < V8.90), SIPROTEC 5 7UT82 (CP150) (All versions < V9.80), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7VU85 (CP300) (All versions < V9.80), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.80). Affected devices do not properly limit the path accessible via their webserver. This could allow an authenticated remote attacker to read arbitrary files from the filesystem of affected devices.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7.1 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CWE

CWE-552 - Files or Directories Accessible to External Parties

Assigner

siemens

References

URL

Tags

https://cert-portal.siemens.com/productcert/html/…

Impacted products

Vendor

Product

Version

Siemens

SIPROTEC 5 6MD84 (CP300)

Affected: 0 , < V9.80 (custom)

Siemens	SIPROTEC 5 6MD85 (CP300)	Affected: V7.80 , < V9.80 (custom)
Siemens	SIPROTEC 5 6MD86 (CP300)	Affected: V7.80 , < V9.80 (custom)
Siemens	SIPROTEC 5 6MD89 (CP300)	Affected: V7.80 , < V9.68 (custom)
Siemens	SIPROTEC 5 6MU85 (CP300)	Affected: V7.80 , < V9.80 (custom)
Siemens	SIPROTEC 5 7KE85 (CP300)	Affected: V7.80 , < V9.80 (custom)
Siemens	SIPROTEC 5 7SA82 (CP100)	Affected: V7.80 , < V8.90 (custom)
Siemens	SIPROTEC 5 7SA82 (CP150)	Affected: 0 , < V9.80 (custom)
Siemens	SIPROTEC 5 7SA86 (CP300)	Affected: V7.80 , < V9.80 (custom)
Siemens	SIPROTEC 5 7SA87 (CP300)	Affected: V7.80 , < V9.80 (custom)
Siemens	SIPROTEC 5 7SD82 (CP100)	Affected: V7.80 , < V8.90 (custom)
Siemens	SIPROTEC 5 7SD82 (CP150)	Affected: 0 , < V9.80 (custom)
Siemens	SIPROTEC 5 7SD86 (CP300)	Affected: V7.80 , < V9.80 (custom)
Siemens	SIPROTEC 5 7SD87 (CP300)	Affected: V7.80 , < V9.80 (custom)
Siemens	SIPROTEC 5 7SJ81 (CP100)	Affected: V7.80 , < V8.90 (custom)
Siemens	SIPROTEC 5 7SJ81 (CP150)	Affected: 0 , < V9.80 (custom)
Siemens	SIPROTEC 5 7SJ82 (CP100)	Affected: V7.80 , < V8.90 (custom)
Siemens	SIPROTEC 5 7SJ82 (CP150)	Affected: 0 , < V9.80 (custom)
Siemens	SIPROTEC 5 7SJ85 (CP300)	Affected: V7.80 , < V9.80 (custom)
Siemens	SIPROTEC 5 7SJ86 (CP300)	Affected: V7.80 , < V9.80 (custom)
Siemens	SIPROTEC 5 7SK82 (CP100)	Affected: V7.80 , < V8.90 (custom)
Siemens	SIPROTEC 5 7SK82 (CP150)	Affected: 0 , < V9.80 (custom)
Siemens	SIPROTEC 5 7SK85 (CP300)	Affected: V7.80 , < V9.80 (custom)
Siemens	SIPROTEC 5 7SL82 (CP100)	Affected: V7.80 , < V8.90 (custom)
Siemens	SIPROTEC 5 7SL82 (CP150)	Affected: 0 , < V9.80 (custom)
Siemens	SIPROTEC 5 7SL86 (CP300)	Affected: V7.80 , < V9.80 (custom)
Siemens	SIPROTEC 5 7SL87 (CP300)	Affected: V7.80 , < V9.80 (custom)
Siemens	SIPROTEC 5 7SS85 (CP300)	Affected: V7.80 , < V9.80 (custom)
Siemens	SIPROTEC 5 7ST85 (CP300)	Affected: 0 , < V9.68 (custom)
Siemens	SIPROTEC 5 7ST86 (CP300)	Affected: 0 , < V9.80 (custom)
Siemens	SIPROTEC 5 7SX82 (CP150)	Affected: 0 , < V9.80 (custom)
Siemens	SIPROTEC 5 7SX85 (CP300)	Affected: 0 , < V9.80 (custom)
Siemens	SIPROTEC 5 7SY82 (CP150)	Affected: 0 , < V9.80 (custom)
Siemens	SIPROTEC 5 7UM85 (CP300)	Affected: V7.80 , < V9.80 (custom)
Siemens	SIPROTEC 5 7UT82 (CP100)	Affected: V7.80 , < V8.90 (custom)
Siemens	SIPROTEC 5 7UT82 (CP150)	Affected: 0 , < V9.80 (custom)
Siemens	SIPROTEC 5 7UT85 (CP300)	Affected: V7.80 , < V9.80 (custom)
Siemens	SIPROTEC 5 7UT86 (CP300)	Affected: V7.80 , < V9.80 (custom)
Siemens	SIPROTEC 5 7UT87 (CP300)	Affected: V7.80 , < V9.80 (custom)
Siemens	SIPROTEC 5 7VE85 (CP300)	Affected: V7.80 , < V9.80 (custom)
Siemens	SIPROTEC 5 7VK87 (CP300)	Affected: V7.80 , < V9.80 (custom)
Siemens	SIPROTEC 5 7VU85 (CP300)	Affected: 0 , < V9.80 (custom)
Siemens	SIPROTEC 5 Compact 7SX800 (CP050)	Affected: 0 , < V9.80 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-53649",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-14T14:31:48.612161Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-14T14:33:11.420Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 6MD84 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 6MD85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 6MD86 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 6MD89 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.68",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 6MU85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7KE85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SA82 (CP100)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.90",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SA82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SA86 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SA87 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SD82 (CP100)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.90",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SD82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SD86 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SD87 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SJ81 (CP100)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.90",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SJ81 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SJ82 (CP100)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.90",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SJ82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SJ85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SJ86 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SK82 (CP100)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.90",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SK82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SK85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SL82 (CP100)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.90",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SL82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SL86 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SL87 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SS85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7ST85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.68",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7ST86 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SX82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SX85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7SY82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7UM85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7UT82 (CP100)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V8.90",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7UT82 (CP150)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7UT85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7UT86 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7UT87 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7VE85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7VK87 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "V7.80",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 7VU85 (CP300)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPROTEC 5 Compact 7SX800 (CP050)",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V9.80",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions \u003c V9.80), SIPROTEC 5 6MD85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 6MD86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 6MD89 (CP300) (All versions \u003e= V7.80 \u003c V9.68), SIPROTEC 5 6MU85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7KE85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SA82 (CP100) (All versions \u003e= V7.80 \u003c V8.90), SIPROTEC 5 7SA82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SA86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SA87 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SD82 (CP100) (All versions \u003e= V7.80 \u003c V8.90), SIPROTEC 5 7SD82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SD86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SD87 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SJ81 (CP100) (All versions \u003e= V7.80 \u003c V8.90), SIPROTEC 5 7SJ81 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SJ82 (CP100) (All versions \u003e= V7.80 \u003c V8.90), SIPROTEC 5 7SJ82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SJ85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SJ86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SK82 (CP100) (All versions \u003e= V7.80 \u003c V8.90), SIPROTEC 5 7SK82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SK85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SL82 (CP100) (All versions \u003e= V7.80 \u003c V8.90), SIPROTEC 5 7SL82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SL86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SL87 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SS85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7ST85 (CP300) (All versions \u003c V9.68), SIPROTEC 5 7ST86 (CP300) (All versions \u003c V9.80), SIPROTEC 5 7SX82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SX85 (CP300) (All versions \u003c V9.80), SIPROTEC 5 7SY82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7UM85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7UT82 (CP100) (All versions \u003e= V7.80 \u003c V8.90), SIPROTEC 5 7UT82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7UT85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7UT86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7UT87 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7VE85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7VK87 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7VU85 (CP300) (All versions \u003c V9.80), SIPROTEC 5 Compact 7SX800 (CP050) (All versions \u003c V9.80). Affected devices do not properly limit the path accessible via their webserver.  This could allow an authenticated remote attacker to read arbitrary files from the filesystem of affected devices."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552: Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-11T20:20:24.620Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-194557.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-53649",
    "datePublished": "2025-01-14T10:30:13.430Z",
    "dateReserved": "2024-11-21T13:26:39.693Z",
    "dateUpdated": "2025-11-11T20:20:24.620Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions \u003c V9.80), SIPROTEC 5 6MD85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 6MD86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 6MD89 (CP300) (All versions \u003e= V7.80), SIPROTEC 5 6MU85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7KE85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SA82 (CP100) (All versions \u003e= V7.80), SIPROTEC 5 7SA82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SA86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SA87 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SD82 (CP100) (All versions \u003e= V7.80), SIPROTEC 5 7SD82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SD86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SD87 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SJ81 (CP100) (All versions \u003e= V7.80), SIPROTEC 5 7SJ81 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SJ82 (CP100) (All versions \u003e= V7.80), SIPROTEC 5 7SJ82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SJ85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SJ86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SK82 (CP100) (All versions \u003e= V7.80), SIPROTEC 5 7SK82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SK85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SL82 (CP100) (All versions \u003e= V7.80), SIPROTEC 5 7SL82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SL86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SL87 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SS85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions \u003c V9.80), SIPROTEC 5 7SX82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SX85 (CP300) (All versions \u003c V9.80), SIPROTEC 5 7SY82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7UM85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7UT82 (CP100) (All versions \u003e= V7.80), SIPROTEC 5 7UT82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7UT85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7UT86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7UT87 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7VE85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7VK87 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7VU85 (CP300) (All versions \u003c V9.80), SIPROTEC 5 Compact 7SX800 (CP050) (All versions \u003c V9.80). Affected devices do not properly limit the path accessible via their webserver.  This could allow an authenticated remote attacker to read arbitrary files from the filesystem of affected devices.\"}, {\"lang\": \"es\", \"value\": \"Se ha identificado una vulnerabilidad en SIPROTEC 5 6MD84 (CP300) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 6MD85 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 6MD86 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 6MD89 (CP300) (Todas las versiones \u0026gt;= V7.80), SIPROTEC 5 6MU85 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7KE85 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7SA82 (CP100) (Todas las versiones \u0026gt;= V7.80), SIPROTEC 5 7SA82 (CP150) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7SA86 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7SA87 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7SD82 (CP100) (Todas las versiones \u0026gt;= V7.80), SIPROTEC 5 7SD82 (CP150) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7SD86 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7SD87 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7SJ81 (CP100) (Todas las versiones \u0026gt;= V7.80), SIPROTEC 5 7SJ81 (CP150) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7SJ82 (CP100) (Todas las versiones \u0026gt;= V7.80), SIPROTEC 5 7SJ82 (CP150) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7SJ85 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7SJ86 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7SK82 (CP100) (Todas las versiones \u0026gt;= V7.80), SIPROTEC 5 7SK82 (CP150) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7SK85 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7SL82 (CP100) (Todas las versiones \u0026gt;= V7.80), SIPROTEC 5 7SL82 (CP150) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7SL86 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7SL87 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7SS85 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7ST85 (CP300) (Todas las versiones), SIPROTEC 5 7ST86 (CP300) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7SX82 (CP150) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7SX85 (CP300) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7SY82 (CP150) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7UM85 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7UT82 (CP100) (Todas las versiones \u0026gt;= V7.80), SIPROTEC 5 7UT82 (CP150) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7UT85 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7UT86 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7UT87 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7VE85 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7VK87 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7VU85 (CP300) (todas las versiones anteriores a V9.80), SIPROTEC 5 Compact 7SX800 (CP050) (todas las versiones anteriores a V9.80). Los dispositivos afectados no limitan adecuadamente la ruta a la que se puede acceder a trav\\u00e9s de su servidor web. Esto podr\\u00eda permitir que un atacante remoto autenticado lea archivos arbitrarios del sistema de archivos de los dispositivos afectados.\"}]",
      "id": "CVE-2024-53649",
      "lastModified": "2025-01-14T11:15:16.820",
      "metrics": "{\"cvssMetricV40\": [{\"source\": \"productcert@siemens.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"HIGH\", \"vulnerableSystemIntegrity\": \"NONE\", \"vulnerableSystemAvailability\": \"NONE\", \"subsequentSystemConfidentiality\": \"NONE\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}], \"cvssMetricV31\": [{\"source\": \"productcert@siemens.com\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}]}",
      "published": "2025-01-14T11:15:16.820",
      "references": "[{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-194557.html\", \"source\": \"productcert@siemens.com\"}]",
      "sourceIdentifier": "productcert@siemens.com",
      "vulnStatus": "Received",
      "weaknesses": "[{\"source\": \"productcert@siemens.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-552\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-53649\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2025-01-14T11:15:16.820\",\"lastModified\":\"2025-11-11T21:15:36.383\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions \u003c V9.80), SIPROTEC 5 6MD85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 6MD86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 6MD89 (CP300) (All versions \u003e= V7.80 \u003c V9.68), SIPROTEC 5 6MU85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7KE85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SA82 (CP100) (All versions \u003e= V7.80 \u003c V8.90), SIPROTEC 5 7SA82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SA86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SA87 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SD82 (CP100) (All versions \u003e= V7.80 \u003c V8.90), SIPROTEC 5 7SD82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SD86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SD87 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SJ81 (CP100) (All versions \u003e= V7.80 \u003c V8.90), SIPROTEC 5 7SJ81 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SJ82 (CP100) (All versions \u003e= V7.80 \u003c V8.90), SIPROTEC 5 7SJ82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SJ85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SJ86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SK82 (CP100) (All versions \u003e= V7.80 \u003c V8.90), SIPROTEC 5 7SK82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SK85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SL82 (CP100) (All versions \u003e= V7.80 \u003c V8.90), SIPROTEC 5 7SL82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SL86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SL87 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SS85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7ST85 (CP300) (All versions \u003c V9.68), SIPROTEC 5 7ST86 (CP300) (All versions \u003c V9.80), SIPROTEC 5 7SX82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SX85 (CP300) (All versions \u003c V9.80), SIPROTEC 5 7SY82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7UM85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7UT82 (CP100) (All versions \u003e= V7.80 \u003c V8.90), SIPROTEC 5 7UT82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7UT85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7UT86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7UT87 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7VE85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7VK87 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7VU85 (CP300) (All versions \u003c V9.80), SIPROTEC 5 Compact 7SX800 (CP050) (All versions \u003c V9.80). Affected devices do not properly limit the path accessible via their webserver.  This could allow an authenticated remote attacker to read arbitrary files from the filesystem of affected devices.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en SIPROTEC 5 6MD84 (CP300) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 6MD85 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 6MD86 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 6MD89 (CP300) (Todas las versiones \u0026gt;= V7.80), SIPROTEC 5 6MU85 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7KE85 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7SA82 (CP100) (Todas las versiones \u0026gt;= V7.80), SIPROTEC 5 7SA82 (CP150) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7SA86 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7SA87 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7SD82 (CP100) (Todas las versiones \u0026gt;= V7.80), SIPROTEC 5 7SD82 (CP150) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7SD86 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7SD87 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7SJ81 (CP100) (Todas las versiones \u0026gt;= V7.80), SIPROTEC 5 7SJ81 (CP150) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7SJ82 (CP100) (Todas las versiones \u0026gt;= V7.80), SIPROTEC 5 7SJ82 (CP150) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7SJ85 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7SJ86 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7SK82 (CP100) (Todas las versiones \u0026gt;= V7.80), SIPROTEC 5 7SK82 (CP150) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7SK85 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7SL82 (CP100) (Todas las versiones \u0026gt;= V7.80), SIPROTEC 5 7SL82 (CP150) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7SL86 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7SL87 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7SS85 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7ST85 (CP300) (Todas las versiones), SIPROTEC 5 7ST86 (CP300) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7SX82 (CP150) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7SX85 (CP300) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7SY82 (CP150) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7UM85 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7UT82 (CP100) (Todas las versiones \u0026gt;= V7.80), SIPROTEC 5 7UT82 (CP150) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7UT85 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7UT86 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7UT87 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7VE85 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7VK87 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7VU85 (CP300) (todas las versiones anteriores a V9.80), SIPROTEC 5 Compact 7SX800 (CP050) (todas las versiones anteriores a V9.80). Los dispositivos afectados no limitan adecuadamente la ruta a la que se puede acceder a trav\u00e9s de su servidor web. Esto podr\u00eda permitir que un atacante remoto autenticado lea archivos arbitrarios del sistema de archivos de los dispositivos afectados.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-552\"}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-194557.html\",\"source\":\"productcert@siemens.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-53649\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-14T14:31:48.612161Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-14T14:33:06.641Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\"}}, {\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N\"}}], \"affected\": [{\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 6MD84 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 6MD85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 6MD86 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 6MD89 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.68\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 6MU85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7KE85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SA82 (CP100)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V8.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SA82 (CP150)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SA86 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SA87 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SD82 (CP100)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V8.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SD82 (CP150)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SD86 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SD87 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SJ81 (CP100)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V8.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SJ81 (CP150)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SJ82 (CP100)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V8.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SJ82 (CP150)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SJ85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SJ86 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SK82 (CP100)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V8.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SK82 (CP150)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SK85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SL82 (CP100)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V8.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SL82 (CP150)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SL86 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SL87 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SS85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7ST85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.68\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7ST86 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SX82 (CP150)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SX85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SY82 (CP150)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7UM85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7UT82 (CP100)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V8.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7UT82 (CP150)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7UT85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7UT86 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7UT87 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7VE85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7VK87 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V7.80\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7VU85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 Compact 7SX800 (CP050)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.80\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-194557.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions \u003c V9.80), SIPROTEC 5 6MD85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 6MD86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 6MD89 (CP300) (All versions \u003e= V7.80 \u003c V9.68), SIPROTEC 5 6MU85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7KE85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SA82 (CP100) (All versions \u003e= V7.80 \u003c V8.90), SIPROTEC 5 7SA82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SA86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SA87 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SD82 (CP100) (All versions \u003e= V7.80 \u003c V8.90), SIPROTEC 5 7SD82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SD86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SD87 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SJ81 (CP100) (All versions \u003e= V7.80 \u003c V8.90), SIPROTEC 5 7SJ81 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SJ82 (CP100) (All versions \u003e= V7.80 \u003c V8.90), SIPROTEC 5 7SJ82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SJ85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SJ86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SK82 (CP100) (All versions \u003e= V7.80 \u003c V8.90), SIPROTEC 5 7SK82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SK85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SL82 (CP100) (All versions \u003e= V7.80 \u003c V8.90), SIPROTEC 5 7SL82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SL86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SL87 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SS85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7ST85 (CP300) (All versions \u003c V9.68), SIPROTEC 5 7ST86 (CP300) (All versions \u003c V9.80), SIPROTEC 5 7SX82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SX85 (CP300) (All versions \u003c V9.80), SIPROTEC 5 7SY82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7UM85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7UT82 (CP100) (All versions \u003e= V7.80 \u003c V8.90), SIPROTEC 5 7UT82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7UT85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7UT86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7UT87 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7VE85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7VK87 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7VU85 (CP300) (All versions \u003c V9.80), SIPROTEC 5 Compact 7SX800 (CP050) (All versions \u003c V9.80). Affected devices do not properly limit the path accessible via their webserver.  This could allow an authenticated remote attacker to read arbitrary files from the filesystem of affected devices.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-552\", \"description\": \"CWE-552: Files or Directories Accessible to External Parties\"}]}], \"providerMetadata\": {\"orgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"shortName\": \"siemens\", \"dateUpdated\": \"2025-11-11T20:20:24.620Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-53649\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-11T20:20:24.620Z\", \"dateReserved\": \"2024-11-21T13:26:39.693Z\", \"assignerOrgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"datePublished\": \"2025-01-14T10:30:13.430Z\", \"assignerShortName\": \"siemens\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2025-AVI-0029

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Siemens	N/A	SCALANCE W-700 IEEE 802.11ax versions antérieures à V3.0.0. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2023-44318.
Siemens	N/A	SIPROTEC 5 - CP050, CP150 et CP300 versions antérieures à 9.80
Siemens	N/A	SIMATIC S7-1200 versions antérieures à V4.7
Siemens	N/A	SIPROTEC 5 - CP100, 7ST85 et 6MD89 toutes versions pour la vulnérabilité CVE-2024-53649

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens SSA-194557	2025-01-14	vendor-advisory
Bulletin de sécurité Siemens SSA-690517	2025-01-14	vendor-advisory
Bulletin de sécurité Siemens SSA-717113	2025-01-14	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SCALANCE W-700 IEEE 802.11ax versions ant\u00e9rieures \u00e0 V3.0.0. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2023-44318.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPROTEC 5 - CP050, CP150 et CP300 versions ant\u00e9rieures \u00e0 9.80",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1200 versions ant\u00e9rieures \u00e0 V4.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPROTEC 5 - CP100, 7ST85 et 6MD89 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-53649",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2023-44317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44317"
    },
    {
      "name": "CVE-2024-47100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47100"
    },
    {
      "name": "CVE-2023-44319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44319"
    },
    {
      "name": "CVE-2023-44374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44374"
    },
    {
      "name": "CVE-2024-53649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53649"
    },
    {
      "name": "CVE-2023-44318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44318"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0029",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-01-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Siemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-194557",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-194557.html"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-690517",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-690517.html"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-717113",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-717113.html"
    }
  ]
}

CERTFR-2025-AVI-0029

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Siemens	N/A	SCALANCE W-700 IEEE 802.11ax versions antérieures à V3.0.0. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2023-44318.
Siemens	N/A	SIPROTEC 5 - CP050, CP150 et CP300 versions antérieures à 9.80
Siemens	N/A	SIMATIC S7-1200 versions antérieures à V4.7
Siemens	N/A	SIPROTEC 5 - CP100, 7ST85 et 6MD89 toutes versions pour la vulnérabilité CVE-2024-53649

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens SSA-194557	2025-01-14	vendor-advisory
Bulletin de sécurité Siemens SSA-690517	2025-01-14	vendor-advisory
Bulletin de sécurité Siemens SSA-717113	2025-01-14	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SCALANCE W-700 IEEE 802.11ax versions ant\u00e9rieures \u00e0 V3.0.0. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2023-44318.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPROTEC 5 - CP050, CP150 et CP300 versions ant\u00e9rieures \u00e0 9.80",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1200 versions ant\u00e9rieures \u00e0 V4.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPROTEC 5 - CP100, 7ST85 et 6MD89 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-53649",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2023-44317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44317"
    },
    {
      "name": "CVE-2024-47100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47100"
    },
    {
      "name": "CVE-2023-44319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44319"
    },
    {
      "name": "CVE-2023-44374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44374"
    },
    {
      "name": "CVE-2024-53649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53649"
    },
    {
      "name": "CVE-2023-44318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44318"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0029",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-01-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Siemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-194557",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-194557.html"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-690517",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-690517.html"
    },
    {
      "published_at": "2025-01-14",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-717113",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-717113.html"
    }
  ]
}

FKIE_CVE-2024-53649

Vulnerability from fkie_nvd - Published: 2025-01-14 11:15 - Updated: 2025-11-11 21:15

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	productcert@siemens.com	https://cert-portal.siemens.com/productcert/html/ssa-194557.html

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions \u003c V9.80), SIPROTEC 5 6MD85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 6MD86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 6MD89 (CP300) (All versions \u003e= V7.80 \u003c V9.68), SIPROTEC 5 6MU85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7KE85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SA82 (CP100) (All versions \u003e= V7.80 \u003c V8.90), SIPROTEC 5 7SA82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SA86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SA87 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SD82 (CP100) (All versions \u003e= V7.80 \u003c V8.90), SIPROTEC 5 7SD82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SD86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SD87 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SJ81 (CP100) (All versions \u003e= V7.80 \u003c V8.90), SIPROTEC 5 7SJ81 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SJ82 (CP100) (All versions \u003e= V7.80 \u003c V8.90), SIPROTEC 5 7SJ82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SJ85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SJ86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SK82 (CP100) (All versions \u003e= V7.80 \u003c V8.90), SIPROTEC 5 7SK82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SK85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SL82 (CP100) (All versions \u003e= V7.80 \u003c V8.90), SIPROTEC 5 7SL82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SL86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SL87 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SS85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7ST85 (CP300) (All versions \u003c V9.68), SIPROTEC 5 7ST86 (CP300) (All versions \u003c V9.80), SIPROTEC 5 7SX82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SX85 (CP300) (All versions \u003c V9.80), SIPROTEC 5 7SY82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7UM85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7UT82 (CP100) (All versions \u003e= V7.80 \u003c V8.90), SIPROTEC 5 7UT82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7UT85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7UT86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7UT87 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7VE85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7VK87 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7VU85 (CP300) (All versions \u003c V9.80), SIPROTEC 5 Compact 7SX800 (CP050) (All versions \u003c V9.80). Affected devices do not properly limit the path accessible via their webserver.  This could allow an authenticated remote attacker to read arbitrary files from the filesystem of affected devices."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en SIPROTEC 5 6MD84 (CP300) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 6MD85 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 6MD86 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 6MD89 (CP300) (Todas las versiones \u0026gt;= V7.80), SIPROTEC 5 6MU85 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7KE85 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7SA82 (CP100) (Todas las versiones \u0026gt;= V7.80), SIPROTEC 5 7SA82 (CP150) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7SA86 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7SA87 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7SD82 (CP100) (Todas las versiones \u0026gt;= V7.80), SIPROTEC 5 7SD82 (CP150) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7SD86 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7SD87 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7SJ81 (CP100) (Todas las versiones \u0026gt;= V7.80), SIPROTEC 5 7SJ81 (CP150) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7SJ82 (CP100) (Todas las versiones \u0026gt;= V7.80), SIPROTEC 5 7SJ82 (CP150) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7SJ85 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7SJ86 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7SK82 (CP100) (Todas las versiones \u0026gt;= V7.80), SIPROTEC 5 7SK82 (CP150) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7SK85 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7SL82 (CP100) (Todas las versiones \u0026gt;= V7.80), SIPROTEC 5 7SL82 (CP150) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7SL86 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7SL87 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7SS85 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7ST85 (CP300) (Todas las versiones), SIPROTEC 5 7ST86 (CP300) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7SX82 (CP150) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7SX85 (CP300) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7SY82 (CP150) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7UM85 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7UT82 (CP100) (Todas las versiones \u0026gt;= V7.80), SIPROTEC 5 7UT82 (CP150) (Todas las versiones \u0026lt; V9.80), SIPROTEC 5 7UT85 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7UT86 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7UT87 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7VE85 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7VK87 (CP300) (Todas las versiones \u0026gt;= V7.80 \u0026lt; V9.80), SIPROTEC 5 7VU85 (CP300) (todas las versiones anteriores a V9.80), SIPROTEC 5 Compact 7SX800 (CP050) (todas las versiones anteriores a V9.80). Los dispositivos afectados no limitan adecuadamente la ruta a la que se puede acceder a trav\u00e9s de su servidor web. Esto podr\u00eda permitir que un atacante remoto autenticado lea archivos arbitrarios del sistema de archivos de los dispositivos afectados."
    }
  ],
  "id": "CVE-2024-53649",
  "lastModified": "2025-11-11T21:15:36.383",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "productcert@siemens.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "productcert@siemens.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-01-14T11:15:16.820",
  "references": [
    {
      "source": "productcert@siemens.com",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-194557.html"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-552"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    }
  ]
}

CNVD-2025-01697

Vulnerability from cnvd - Published: 2025-01-17

Title

Siemens SIPROTEC 5文件访问限制不当漏洞

Description

SIPROTEC 5设备为变电站和其他应用领域提供一系列集成保护、控制、测量和自动化功能。 Siemens SIPROTEC 5存在文件访问限制不当漏洞，该漏洞源于设备未正确限制Web服务器对文件系统的访问，经过身份验证的远程攻击者可利用漏洞读取任意文件或设备的整个文件系统。

Severity

高

Formal description

除个别产品暂无漏洞修复方案外，厂商已为多个受影响的产品发布了新版本，并建议更新到最新版本，具体如下： 1、关于SIPROTEC 5 - CP050 Devices，请升级至V9.80及以上版本： https://support.industry.siemens.com/cs/ww/en/view/109796884/ 2、关于SIPROTEC 5 - CP150 Devices，请升级至V9.80及以上版本：（1）SIPROTEC 5 7SA82 (CP150)：https://support.industry.siemens.com/cs/ww/en/view/109757433/ （2）SIPROTEC 5 7SD82 (CP150)：https://support.industry.siemens.com/cs/ww/en/view/109757433/ （3）SIPROTEC 5 7SJ81 (CP150)：https://support.industry.siemens.com/cs/ww/en/view/109751934/ （4）SIPROTEC 5 7SJ82 (CP150)：https://support.industry.siemens.com/cs/ww/en/view/109751934/ （5）SIPROTEC 5 7SK82 (CP150)：https://support.industry.siemens.com/cs/ww/en/view/109757434/ （6）SIPROTEC 5 7SL82 (CP150)：https://support.industry.siemens.com/cs/ww/en/view/109757433/ （7）SIPROTEC 5 7SX82 (CP150)：https://support.industry.siemens.com/cs/ww/en/view/109768011/ （8）SIPROTEC 5 7SY82 (CP150)：https://support.industry.siemens.com/cs/ww/en/view/109804070/ （9）SIPROTEC 5 7UT82 (CP150)：https://support.industry.siemens.com/cs/ww/en/view/109757438/ 3、关于SIPROTEC 5 - CP100 Devices，目前暂无漏洞修复方案。 4、关于SIPROTEC 5 - CP300 Devices，具体如下：（1）SIPROTEC 5 6MD84 (CP300)，请升级至V9.80及以上版本： https://support.industry.siemens.com/cs/ww/en/view/109814150/ （2）SIPROTEC 5 6MD85 (CP300)，请升级至V9.80及以上版本： https://support.industry.siemens.com/cs/ww/en/view/109757428/ （3）SIPROTEC 5 6MD86 (CP300)，请升级至V9.80及以上版本： https://support.industry.siemens.com/cs/ww/en/view/109757428/ （4）SIPROTEC 5 6MD89 (CP300)，目前暂无漏洞修复方案（5）SIPROTEC 5 6MU85 (CP300)，请升级至V9.80及以上版本： https://support.industry.siemens.com/cs/ww/en/view/109765263/ （6）SIPROTEC 5 7KE85 (CP300)，请升级至V9.80及以上版本： https://support.industry.siemens.com/cs/ww/en/view/109757430/ （7）SIPROTEC 5 7SA86 (CP300)，请升级至V9.80及以上版本： https://support.industry.siemens.com/cs/ww/en/view/109757433/ （8）SIPROTEC 5 7SA87 (CP300)，请升级至V9.80及以上版本： https://support.industry.siemens.com/cs/ww/en/view/109757433/ （9）SIPROTEC 5 7SD86 (CP300)，请升级至V9.80及以上版本： https://support.industry.siemens.com/cs/ww/en/view/109757433/ （10）SIPROTEC 5 7SD87 (CP300)，请升级至V9.80及以上版本： https://support.industry.siemens.com/cs/ww/en/view/109757433/ （11）SIPROTEC 5 7SJ85 (CP300)，请升级至V9.80及以上版本： https://support.industry.siemens.com/cs/ww/en/view/109751934/ （12）SIPROTEC 5 7SJ86 (CP300)，请升级至V9.80及以上版本： https://support.industry.siemens.com/cs/ww/en/view/109757433/ （13）SIPROTEC 5 7SK85 (CP300)，请升级至V9.80及以上版本： https://support.industry.siemens.com/cs/ww/en/view/109757434/ （14）SIPROTEC 5 7SL86 (CP300)，请升级至V9.80及以上版本： https://support.industry.siemens.com/cs/ww/en/view/109757433/ （15）SIPROTEC 5 7SL87 (CP300)，请升级至V9.80及以上版本： https://support.industry.siemens.com/cs/ww/en/view/109757433/ （16）SIPROTEC 5 7SS85 (CP300)，请升级至V9.80及以上版本： https://support.industry.siemens.com/cs/ww/en/view/109757429/ （17）SIPROTEC 5 7ST85 (CP300)，目前暂无漏洞修复方案（18）SIPROTEC 5 7ST86 (CP300)，请升级至V9.80及以上版本： https://support.industry.siemens.com/cs/ww/en/view/109768428/ （19）SIPROTEC 5 7SX85 (CP300)，请升级至V9.80及以上版本： https://support.industry.siemens.com/cs/ww/en/view/109768011/ （20）SIPROTEC 5 7UM85 (CP300)，请升级至V9.80及以上版本： https://support.industry.siemens.com/cs/ww/en/view/109757431/ （21）SIPROTEC 5 7UT85 (CP300)，请升级至V9.80及以上版本： https://support.industry.siemens.com/cs/ww/en/view/109757438/ （22）SIPROTEC 5 7UT86 (CP300)，请升级至V9.80及以上版本： https://support.industry.siemens.com/cs/ww/en/view/109757438/ （23）SIPROTEC 5 7UT87 (CP300)，请升级至V9.80及以上版本： https://support.industry.siemens.com/cs/ww/en/view/109757438/ （24）SIPROTEC 5 7VE85 (CP300)，请升级至V9.80及以上版本： https://support.industry.siemens.com/cs/ww/en/view/109749865/ （25）SIPROTEC 5 7VK87 (CP300)，请升级至V9.80及以上版本： https://support.industry.siemens.com/cs/ww/en/view/109757433/ （26）SIPROTEC 5 7VU85 (CP300)，请升级至V9.80及以上版本： https://support.industry.siemens.com/cs/ww/en/view/109800399/

Reference

https://cert-portal.siemens.com/productcert/html/ssa-194557.html

Impacted products

Name
['Siemens SIPROTEC 5 Compact 7SX800 (CP050) <V9.80', 'Siemens SIPROTEC 5 7SA82 (CP150) <V9.80', 'Siemens SIPROTEC 5 7SD82 (CP150) <V9.80', 'Siemens SIPROTEC 5 7SJ81 (CP150) <V9.80', 'Siemens SIPROTEC 5 7SJ82 (CP150) <V9.80', 'Siemens SIPROTEC 5 7SK82 (CP150) <V9.80', 'Siemens SIPROTEC 5 7SL82 (CP150) <V9.80', 'Siemens SIPROTEC 5 7SX82 (CP150) <V9.80', 'Siemens SIPROTEC 5 7SY82 (CP150) <V9.80', 'Siemens SIPROTEC 5 7UT82 (CP150) <V9.80', 'Siemens SIPROTEC 5 6MD84 (CP300) <V9.80', 'Siemens SIPROTEC 5 6MD85 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 6MD86 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 6MD89 (CP300) >=V7.80', 'Siemens SIPROTEC 5 6MU85 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7KE85 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7SA86 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7SA87 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7SD86 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7SD87 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7SJ85 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7SJ86 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7SK85 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7SL86 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7SL87 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7SS85 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7ST85 (CP300)', 'Siemens SIPROTEC 5 7ST86 (CP300) <V9.80', 'Siemens SIPROTEC 5 7SX85 (CP300) <V9.80', 'Siemens SIPROTEC 5 7UM85 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7UT85 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7UT86 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7UT87 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7VE85 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7VK87 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7VU85 (CP300) <V9.80', 'Siemens SIPROTEC 5 7SA82 (CP100) >=V7.80', 'Siemens SIPROTEC 5 7SD82 (CP100) >=V7.80', 'Siemens SIPROTEC 5 7SJ81 (CP100) >=V7.80', 'Siemens SIPROTEC 5 7SJ82 (CP100) >=V7.80', 'Siemens SIPROTEC 5 7SL82 (CP100) >=V7.80', 'Siemens SIPROTEC 5 7UT82 (CP100) >=V7.80', 'Siemens SIPROTEC 5 7SK82 (CP100) >=V7.80']

Name

['Siemens SIPROTEC 5 Compact 7SX800 (CP050) <V9.80', 'Siemens SIPROTEC 5 7SA82 (CP150) <V9.80', 'Siemens SIPROTEC 5 7SD82 (CP150) <V9.80', 'Siemens SIPROTEC 5 7SJ81 (CP150) <V9.80', 'Siemens SIPROTEC 5 7SJ82 (CP150) <V9.80', 'Siemens SIPROTEC 5 7SK82 (CP150) <V9.80', 'Siemens SIPROTEC 5 7SL82 (CP150) <V9.80', 'Siemens SIPROTEC 5 7SX82 (CP150) <V9.80', 'Siemens SIPROTEC 5 7SY82 (CP150) <V9.80', 'Siemens SIPROTEC 5 7UT82 (CP150) <V9.80', 'Siemens SIPROTEC 5 6MD84 (CP300) <V9.80', 'Siemens SIPROTEC 5 6MD85 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 6MD86 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 6MD89 (CP300) >=V7.80', 'Siemens SIPROTEC 5 6MU85 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7KE85 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7SA86 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7SA87 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7SD86 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7SD87 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7SJ85 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7SJ86 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7SK85 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7SL86 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7SL87 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7SS85 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7ST85 (CP300)', 'Siemens SIPROTEC 5 7ST86 (CP300) <V9.80', 'Siemens SIPROTEC 5 7SX85 (CP300) <V9.80', 'Siemens SIPROTEC 5 7UM85 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7UT85 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7UT86 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7UT87 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7VE85 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7VK87 (CP300) >=V7.80，<V9.80', 'Siemens SIPROTEC 5 7VU85 (CP300) <V9.80', 'Siemens SIPROTEC 5 7SA82 (CP100) >=V7.80', 'Siemens SIPROTEC 5 7SD82 (CP100) >=V7.80', 'Siemens SIPROTEC 5 7SJ81 (CP100) >=V7.80', 'Siemens SIPROTEC 5 7SJ82 (CP100) >=V7.80', 'Siemens SIPROTEC 5 7SL82 (CP100) >=V7.80', 'Siemens SIPROTEC 5 7UT82 (CP100) >=V7.80', 'Siemens SIPROTEC 5 7SK82 (CP100) >=V7.80']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-53649"
    }
  },
  "description": "SIPROTEC 5\u8bbe\u5907\u4e3a\u53d8\u7535\u7ad9\u548c\u5176\u4ed6\u5e94\u7528\u9886\u57df\u63d0\u4f9b\u4e00\u7cfb\u5217\u96c6\u6210\u4fdd\u62a4\u3001\u63a7\u5236\u3001\u6d4b\u91cf\u548c\u81ea\u52a8\u5316\u529f\u80fd\u3002\n\nSiemens SIPROTEC 5\u5b58\u5728\u6587\u4ef6\u8bbf\u95ee\u9650\u5236\u4e0d\u5f53\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8bbe\u5907\u672a\u6b63\u786e\u9650\u5236Web\u670d\u52a1\u5668\u5bf9\u6587\u4ef6\u7cfb\u7edf\u7684\u8bbf\u95ee\uff0c\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\u6216\u8bbe\u5907\u7684\u6574\u4e2a\u6587\u4ef6\u7cfb\u7edf\u3002",
  "formalWay": "\u9664\u4e2a\u522b\u4ea7\u54c1\u6682\u65e0\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\u5916\uff0c\u5382\u5546\u5df2\u4e3a\u591a\u4e2a\u53d7\u5f71\u54cd\u7684\u4ea7\u54c1\u53d1\u5e03\u4e86\u65b0\u7248\u672c\uff0c\u5e76\u5efa\u8bae\u66f4\u65b0\u5230\u6700\u65b0\u7248\u672c\uff0c\u5177\u4f53\u5982\u4e0b\uff1a\r\n1\u3001\u5173\u4e8eSIPROTEC 5 - CP050 Devices\uff0c\u8bf7\u5347\u7ea7\u81f3V9.80\u53ca\u4ee5\u4e0a\u7248\u672c\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109796884/\r\n2\u3001\u5173\u4e8eSIPROTEC 5 - CP150 Devices\uff0c\u8bf7\u5347\u7ea7\u81f3V9.80\u53ca\u4ee5\u4e0a\u7248\u672c\uff1a\r\n\uff081\uff09SIPROTEC 5 7SA82 (CP150)\uff1ahttps://support.industry.siemens.com/cs/ww/en/view/109757433/\r\n\uff082\uff09SIPROTEC 5 7SD82 (CP150)\uff1ahttps://support.industry.siemens.com/cs/ww/en/view/109757433/\r\n\uff083\uff09SIPROTEC 5 7SJ81 (CP150)\uff1ahttps://support.industry.siemens.com/cs/ww/en/view/109751934/\r\n\uff084\uff09SIPROTEC 5 7SJ82 (CP150)\uff1ahttps://support.industry.siemens.com/cs/ww/en/view/109751934/\r\n\uff085\uff09SIPROTEC 5 7SK82 (CP150)\uff1ahttps://support.industry.siemens.com/cs/ww/en/view/109757434/\r\n\uff086\uff09SIPROTEC 5 7SL82 (CP150)\uff1ahttps://support.industry.siemens.com/cs/ww/en/view/109757433/\r\n\uff087\uff09SIPROTEC 5 7SX82 (CP150)\uff1ahttps://support.industry.siemens.com/cs/ww/en/view/109768011/\r\n\uff088\uff09SIPROTEC 5 7SY82 (CP150)\uff1ahttps://support.industry.siemens.com/cs/ww/en/view/109804070/\r\n\uff089\uff09SIPROTEC 5 7UT82 (CP150)\uff1ahttps://support.industry.siemens.com/cs/ww/en/view/109757438/\r\n3\u3001\u5173\u4e8eSIPROTEC 5 - CP100 Devices\uff0c\u76ee\u524d\u6682\u65e0\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\u3002\r\n4\u3001\u5173\u4e8eSIPROTEC 5 - CP300 Devices\uff0c\u5177\u4f53\u5982\u4e0b\uff1a\r\n\uff081\uff09SIPROTEC 5 6MD84 (CP300)\uff0c\u8bf7\u5347\u7ea7\u81f3V9.80\u53ca\u4ee5\u4e0a\u7248\u672c\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109814150/\r\n\uff082\uff09SIPROTEC 5 6MD85 (CP300)\uff0c\u8bf7\u5347\u7ea7\u81f3V9.80\u53ca\u4ee5\u4e0a\u7248\u672c\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109757428/\r\n\uff083\uff09SIPROTEC 5 6MD86 (CP300)\uff0c\u8bf7\u5347\u7ea7\u81f3V9.80\u53ca\u4ee5\u4e0a\u7248\u672c\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109757428/\r\n\uff084\uff09SIPROTEC 5 6MD89 (CP300)\uff0c\u76ee\u524d\u6682\u65e0\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\r\n\uff085\uff09SIPROTEC 5 6MU85 (CP300)\uff0c\u8bf7\u5347\u7ea7\u81f3V9.80\u53ca\u4ee5\u4e0a\u7248\u672c\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109765263/\r\n\uff086\uff09SIPROTEC 5 7KE85 (CP300)\uff0c\u8bf7\u5347\u7ea7\u81f3V9.80\u53ca\u4ee5\u4e0a\u7248\u672c\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109757430/\r\n\uff087\uff09SIPROTEC 5 7SA86 (CP300)\uff0c\u8bf7\u5347\u7ea7\u81f3V9.80\u53ca\u4ee5\u4e0a\u7248\u672c\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109757433/\r\n\uff088\uff09SIPROTEC 5 7SA87 (CP300)\uff0c\u8bf7\u5347\u7ea7\u81f3V9.80\u53ca\u4ee5\u4e0a\u7248\u672c\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109757433/\r\n\uff089\uff09SIPROTEC 5 7SD86 (CP300)\uff0c\u8bf7\u5347\u7ea7\u81f3V9.80\u53ca\u4ee5\u4e0a\u7248\u672c\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109757433/\r\n\uff0810\uff09SIPROTEC 5 7SD87 (CP300)\uff0c\u8bf7\u5347\u7ea7\u81f3V9.80\u53ca\u4ee5\u4e0a\u7248\u672c\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109757433/\r\n\uff0811\uff09SIPROTEC 5 7SJ85 (CP300)\uff0c\u8bf7\u5347\u7ea7\u81f3V9.80\u53ca\u4ee5\u4e0a\u7248\u672c\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109751934/\r\n\uff0812\uff09SIPROTEC 5 7SJ86 (CP300)\uff0c\u8bf7\u5347\u7ea7\u81f3V9.80\u53ca\u4ee5\u4e0a\u7248\u672c\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109757433/\r\n\uff0813\uff09SIPROTEC 5 7SK85 (CP300)\uff0c\u8bf7\u5347\u7ea7\u81f3V9.80\u53ca\u4ee5\u4e0a\u7248\u672c\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109757434/\r\n\uff0814\uff09SIPROTEC 5 7SL86 (CP300)\uff0c\u8bf7\u5347\u7ea7\u81f3V9.80\u53ca\u4ee5\u4e0a\u7248\u672c\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109757433/\r\n\uff0815\uff09SIPROTEC 5 7SL87 (CP300)\uff0c\u8bf7\u5347\u7ea7\u81f3V9.80\u53ca\u4ee5\u4e0a\u7248\u672c\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109757433/\r\n\uff0816\uff09SIPROTEC 5 7SS85 (CP300)\uff0c\u8bf7\u5347\u7ea7\u81f3V9.80\u53ca\u4ee5\u4e0a\u7248\u672c\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109757429/\r\n\uff0817\uff09SIPROTEC 5 7ST85 (CP300)\uff0c\u76ee\u524d\u6682\u65e0\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\r\n\uff0818\uff09SIPROTEC 5 7ST86 (CP300)\uff0c\u8bf7\u5347\u7ea7\u81f3V9.80\u53ca\u4ee5\u4e0a\u7248\u672c\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109768428/\r\n\uff0819\uff09SIPROTEC 5 7SX85 (CP300)\uff0c\u8bf7\u5347\u7ea7\u81f3V9.80\u53ca\u4ee5\u4e0a\u7248\u672c\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109768011/\r\n\uff0820\uff09SIPROTEC 5 7UM85 (CP300)\uff0c\u8bf7\u5347\u7ea7\u81f3V9.80\u53ca\u4ee5\u4e0a\u7248\u672c\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109757431/\r\n\uff0821\uff09SIPROTEC 5 7UT85 (CP300)\uff0c\u8bf7\u5347\u7ea7\u81f3V9.80\u53ca\u4ee5\u4e0a\u7248\u672c\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109757438/\r\n\uff0822\uff09SIPROTEC 5 7UT86 (CP300)\uff0c\u8bf7\u5347\u7ea7\u81f3V9.80\u53ca\u4ee5\u4e0a\u7248\u672c\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109757438/\r\n\uff0823\uff09SIPROTEC 5 7UT87 (CP300)\uff0c\u8bf7\u5347\u7ea7\u81f3V9.80\u53ca\u4ee5\u4e0a\u7248\u672c\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109757438/\r\n\uff0824\uff09SIPROTEC 5 7VE85 (CP300)\uff0c\u8bf7\u5347\u7ea7\u81f3V9.80\u53ca\u4ee5\u4e0a\u7248\u672c\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109749865/\r\n\uff0825\uff09SIPROTEC 5 7VK87 (CP300)\uff0c\u8bf7\u5347\u7ea7\u81f3V9.80\u53ca\u4ee5\u4e0a\u7248\u672c\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109757433/\r\n\uff0826\uff09SIPROTEC 5 7VU85 (CP300)\uff0c\u8bf7\u5347\u7ea7\u81f3V9.80\u53ca\u4ee5\u4e0a\u7248\u672c\uff1a\r\nhttps://support.industry.siemens.com/cs/ww/en/view/109800399/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-01697",
  "openTime": "2025-01-17",
  "products": {
    "product": [
      "Siemens SIPROTEC 5 Compact 7SX800 (CP050) \u003cV9.80",
      "Siemens SIPROTEC 5 7SA82 (CP150) \u003cV9.80",
      "Siemens SIPROTEC 5 7SD82 (CP150) \u003cV9.80",
      "Siemens SIPROTEC 5 7SJ81 (CP150) \u003cV9.80",
      "Siemens SIPROTEC 5 7SJ82 (CP150) \u003cV9.80",
      "Siemens SIPROTEC 5 7SK82 (CP150) \u003cV9.80",
      "Siemens SIPROTEC 5 7SL82 (CP150) \u003cV9.80",
      "Siemens SIPROTEC 5 7SX82 (CP150) \u003cV9.80",
      "Siemens SIPROTEC 5 7SY82 (CP150) \u003cV9.80",
      "Siemens SIPROTEC 5 7UT82 (CP150) \u003cV9.80",
      "Siemens SIPROTEC 5 6MD84 (CP300) \u003cV9.80",
      "Siemens SIPROTEC 5 6MD85 (CP300) \u003e=V7.80\uff0c\u003cV9.80",
      "Siemens SIPROTEC 5 6MD86 (CP300) \u003e=V7.80\uff0c\u003cV9.80",
      "Siemens SIPROTEC 5 6MD89 (CP300) \u003e=V7.80",
      "Siemens SIPROTEC 5 6MU85 (CP300) \u003e=V7.80\uff0c\u003cV9.80",
      "Siemens SIPROTEC 5 7KE85 (CP300) \u003e=V7.80\uff0c\u003cV9.80",
      "Siemens SIPROTEC 5 7SA86 (CP300) \u003e=V7.80\uff0c\u003cV9.80",
      "Siemens SIPROTEC 5 7SA87 (CP300) \u003e=V7.80\uff0c\u003cV9.80",
      "Siemens SIPROTEC 5 7SD86 (CP300) \u003e=V7.80\uff0c\u003cV9.80",
      "Siemens SIPROTEC 5 7SD87 (CP300) \u003e=V7.80\uff0c\u003cV9.80",
      "Siemens SIPROTEC 5 7SJ85 (CP300) \u003e=V7.80\uff0c\u003cV9.80",
      "Siemens SIPROTEC 5 7SJ86 (CP300) \u003e=V7.80\uff0c\u003cV9.80",
      "Siemens SIPROTEC 5 7SK85 (CP300) \u003e=V7.80\uff0c\u003cV9.80",
      "Siemens SIPROTEC 5 7SL86 (CP300) \u003e=V7.80\uff0c\u003cV9.80",
      "Siemens SIPROTEC 5 7SL87 (CP300) \u003e=V7.80\uff0c\u003cV9.80",
      "Siemens SIPROTEC 5 7SS85 (CP300) \u003e=V7.80\uff0c\u003cV9.80",
      "Siemens SIPROTEC 5 7ST85 (CP300)",
      "Siemens SIPROTEC 5 7ST86 (CP300) \u003cV9.80",
      "Siemens SIPROTEC 5 7SX85 (CP300) \u003cV9.80",
      "Siemens SIPROTEC 5 7UM85 (CP300) \u003e=V7.80\uff0c\u003cV9.80",
      "Siemens SIPROTEC 5 7UT85 (CP300) \u003e=V7.80\uff0c\u003cV9.80",
      "Siemens SIPROTEC 5 7UT86 (CP300) \u003e=V7.80\uff0c\u003cV9.80",
      "Siemens SIPROTEC 5 7UT87 (CP300) \u003e=V7.80\uff0c\u003cV9.80",
      "Siemens SIPROTEC 5 7VE85 (CP300) \u003e=V7.80\uff0c\u003cV9.80",
      "Siemens SIPROTEC 5 7VK87 (CP300) \u003e=V7.80\uff0c\u003cV9.80",
      "Siemens SIPROTEC 5 7VU85 (CP300) \u003cV9.80",
      "Siemens SIPROTEC 5 7SA82 (CP100) \u003e=V7.80",
      "Siemens SIPROTEC 5 7SD82 (CP100) \u003e=V7.80",
      "Siemens SIPROTEC 5 7SJ81 (CP100) \u003e=V7.80",
      "Siemens SIPROTEC 5 7SJ82 (CP100) \u003e=V7.80",
      "Siemens SIPROTEC 5 7SL82 (CP100) \u003e=V7.80",
      "Siemens SIPROTEC 5 7UT82 (CP100) \u003e=V7.80",
      "Siemens SIPROTEC 5 7SK82 (CP100) \u003e=V7.80"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-194557.html",
  "serverity": "\u9ad8",
  "submitTime": "2025-01-14",
  "title": "Siemens SIPROTEC 5\u6587\u4ef6\u8bbf\u95ee\u9650\u5236\u4e0d\u5f53\u6f0f\u6d1e"
}

ICSA-25-016-04

Vulnerability from csaf_cisa - Published: 2025-01-14 00:00 - Updated: 2025-11-11 00:00

Summary

Siemens SIPROTEC 5 Products

Notes

Summary

Affected SIPROTEC 5 devices do not properly limit the access of the web server to the filesystem. This could allow an authenticated remote attacker to read arbitrary files or the entire filesystem of the device. Siemens has released new versions for the affected products and recommends to update to the latest versions.

General Recommendations

Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. It is therefore recommended that the operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid's reliability can thus be minimized by virtue of the grid design. Siemens strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment. As a general security measure Siemens strongly recommends to protect network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to our operational guidelines in order to run the devices in a protected IT environment. Recommended security guidelines can be found at: https://www.siemens.com/gridsecurity

Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.

Legal Notice and Terms of Use

This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).

Advisory Conversion Disclaimer

This ICSA is a verbatim republication of Siemens ProductCERT SSA-194557 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.

Critical infrastructure sectors

Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities

Countries/areas deployed

Worldwide

Company headquarters location

Germany

Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.

Recommended Practices

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Recommended Practices

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

Recommended Practices

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Siemens ProductCERT",
        "summary": "reporting this vulnerability to CISA."
      },
      {
        "names": [
          "Steffen Robertz",
          "Stefan Viehb\u00f6ck",
          "Constantin Schieber-Kn\u00f6bl"
        ],
        "organization": "SEC Consult Vulnerability Lab",
        "summary": "reporting this vulnerability to Siemens."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Affected SIPROTEC 5 devices do not properly limit the access of the web server to the filesystem. This could allow an authenticated remote attacker to read arbitrary files or the entire filesystem of the device.\n\nSiemens has released new versions for the affected products and recommends to update to the latest versions.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. It is therefore recommended that the operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid\u0027s reliability can thus be minimized by virtue of the grid design.\nSiemens strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment. \nAs a general security measure Siemens strongly recommends to protect network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to our operational guidelines in order to run the devices in a protected IT environment.\n\nRecommended security guidelines can be found at:\nhttps://www.siemens.com/gridsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
        "title": "Terms of Use"
      },
      {
        "category": "legal_disclaimer",
        "text": "This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy \u0026 Use policy (https://www.cisa.gov/privacy-policy).",
        "title": "Legal Notice and Terms of Use"
      },
      {
        "category": "other",
        "text": "This ICSA is a verbatim republication of Siemens ProductCERT SSA-194557 from a direct conversion of the vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory.  Further, CISA does not endorse any commercial product or service.  Please contact Siemens ProductCERT directly for any questions regarding this advisory.",
        "title": "Advisory Conversion Disclaimer"
      },
      {
        "category": "other",
        "text": "Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Germany",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-194557: Improper Limitation of Filesystem Access through Web Server Vulnerability in SIPROTEC 5 - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-194557.json"
      },
      {
        "category": "self",
        "summary": "SSA-194557: Improper Limitation of Filesystem Access through Web Server Vulnerability in SIPROTEC 5 - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-194557.html"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-25-016-04 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-016-04.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-25-016-04 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-016-04"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b"
      }
    ],
    "title": "Siemens SIPROTEC 5 Products",
    "tracking": {
      "current_release_date": "2025-11-11T00:00:00.000000Z",
      "generator": {
        "date": "2025-11-17T18:18:47.839733Z",
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-25-016-04",
      "initial_release_date": "2025-01-14T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2025-01-14T00:00:00.000000Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        },
        {
          "date": "2025-02-11T00:00:00.000000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added fix version for 6MD89 (CP300)"
        },
        {
          "date": "2025-03-11T00:00:00.000000Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Added fix for SIPROTEC 5 7ST85 (CP300); Changed fix version for SIPROTEC 5 6MD89 (CP300) from V9.90 to V9.68; Added mitigation"
        },
        {
          "date": "2025-11-11T00:00:00.000000Z",
          "legacy_version": "1.3",
          "number": "4",
          "summary": "Added fix for SIPROTEC 5 7SA82 (CP100), SIPROTEC 5 7SD82 (CP100), SIPROTEC 5 7SJ81 (CP100), SIPROTEC 5 7SJ82 (CP100), SIPROTEC 5 7SK82 (CP100), SIPROTEC 5 7SL82 (CP100), SIPROTEC 5 7UT82 (CP100)"
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 6MD84 (CP300)",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 6MD84 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 6MD85 (CP300)",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 6MD85 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 6MD86 (CP300)",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 6MD86 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.68",
                "product": {
                  "name": "SIPROTEC 5 6MD89 (CP300)",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 6MD89 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 6MU85 (CP300)",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 6MU85 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7KE85 (CP300)",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7KE85 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c8.90",
                "product": {
                  "name": "SIPROTEC 5 7SA82 (CP100)",
                  "product_id": "CSAFPID-0007"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SA82 (CP100)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SA82 (CP150)",
                  "product_id": "CSAFPID-0008"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SA82 (CP150)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SA86 (CP300)",
                  "product_id": "CSAFPID-0009"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SA86 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SA87 (CP300)",
                  "product_id": "CSAFPID-0010"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SA87 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c8.90",
                "product": {
                  "name": "SIPROTEC 5 7SD82 (CP100)",
                  "product_id": "CSAFPID-0011"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SD82 (CP100)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SD82 (CP150)",
                  "product_id": "CSAFPID-0012"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SD82 (CP150)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SD86 (CP300)",
                  "product_id": "CSAFPID-0013"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SD86 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SD87 (CP300)",
                  "product_id": "CSAFPID-0014"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SD87 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c8.90",
                "product": {
                  "name": "SIPROTEC 5 7SJ81 (CP100)",
                  "product_id": "CSAFPID-0015"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SJ81 (CP100)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SJ81 (CP150)",
                  "product_id": "CSAFPID-0016"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SJ81 (CP150)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c8.90",
                "product": {
                  "name": "SIPROTEC 5 7SJ82 (CP100)",
                  "product_id": "CSAFPID-0017"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SJ82 (CP100)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SJ82 (CP150)",
                  "product_id": "CSAFPID-0018"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SJ82 (CP150)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SJ85 (CP300)",
                  "product_id": "CSAFPID-0019"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SJ85 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SJ86 (CP300)",
                  "product_id": "CSAFPID-0020"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SJ86 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c8.90",
                "product": {
                  "name": "SIPROTEC 5 7SK82 (CP100)",
                  "product_id": "CSAFPID-0021"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SK82 (CP100)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SK82 (CP150)",
                  "product_id": "CSAFPID-0022"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SK82 (CP150)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SK85 (CP300)",
                  "product_id": "CSAFPID-0023"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SK85 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c8.90",
                "product": {
                  "name": "SIPROTEC 5 7SL82 (CP100)",
                  "product_id": "CSAFPID-0024"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SL82 (CP100)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SL82 (CP150)",
                  "product_id": "CSAFPID-0025"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SL82 (CP150)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SL86 (CP300)",
                  "product_id": "CSAFPID-0026"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SL86 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SL87 (CP300)",
                  "product_id": "CSAFPID-0027"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SL87 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SS85 (CP300)",
                  "product_id": "CSAFPID-0028"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SS85 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c9.68",
                "product": {
                  "name": "SIPROTEC 5 7ST85 (CP300)",
                  "product_id": "CSAFPID-0029"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7ST85 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7ST86 (CP300)",
                  "product_id": "CSAFPID-0030"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7ST86 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SX82 (CP150)",
                  "product_id": "CSAFPID-0031"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SX82 (CP150)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SX85 (CP300)",
                  "product_id": "CSAFPID-0032"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SX85 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SY82 (CP150)",
                  "product_id": "CSAFPID-0033"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SY82 (CP150)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7UM85 (CP300)",
                  "product_id": "CSAFPID-0034"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7UM85 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c8.90",
                "product": {
                  "name": "SIPROTEC 5 7UT82 (CP100)",
                  "product_id": "CSAFPID-0035"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7UT82 (CP100)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7UT82 (CP150)",
                  "product_id": "CSAFPID-0036"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7UT82 (CP150)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7UT85 (CP300)",
                  "product_id": "CSAFPID-0037"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7UT85 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7UT86 (CP300)",
                  "product_id": "CSAFPID-0038"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7UT86 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7UT87 (CP300)",
                  "product_id": "CSAFPID-0039"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7UT87 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7VE85 (CP300)",
                  "product_id": "CSAFPID-0040"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7VE85 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7VK87 (CP300)",
                  "product_id": "CSAFPID-0041"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7VK87 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7VU85 (CP300)",
                  "product_id": "CSAFPID-0042"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7VU85 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 Compact 7SX800 (CP050)",
                  "product_id": "CSAFPID-0043"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 Compact 7SX800 (CP050)"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-53649",
      "cwe": {
        "id": "CWE-552",
        "name": "Files or Directories Accessible to External Parties"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Affected devices do not properly limit the path accessible via their webserver.  This could allow an authenticated remote attacker to read arbitrary files from the filesystem of affected devices.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-0010",
          "CSAFPID-0011",
          "CSAFPID-0012",
          "CSAFPID-0013",
          "CSAFPID-0014",
          "CSAFPID-0015",
          "CSAFPID-0016",
          "CSAFPID-0017",
          "CSAFPID-0018",
          "CSAFPID-0019",
          "CSAFPID-0020",
          "CSAFPID-0021",
          "CSAFPID-0022",
          "CSAFPID-0023",
          "CSAFPID-0024",
          "CSAFPID-0025",
          "CSAFPID-0026",
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039",
          "CSAFPID-0040",
          "CSAFPID-0041",
          "CSAFPID-0042",
          "CSAFPID-0043"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Disable the web server of the affected system",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039",
            "CSAFPID-0040",
            "CSAFPID-0041",
            "CSAFPID-0042",
            "CSAFPID-0043"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V9.68 or later version",
          "product_ids": [
            "CSAFPID-0004",
            "CSAFPID-0029"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109742950/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V9.80 or later version",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0008",
            "CSAFPID-0012",
            "CSAFPID-0016",
            "CSAFPID-0018",
            "CSAFPID-0022",
            "CSAFPID-0025",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0033",
            "CSAFPID-0036",
            "CSAFPID-0042"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109814150/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V9.80 or later version",
          "product_ids": [
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0023",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0032",
            "CSAFPID-0034",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039",
            "CSAFPID-0040",
            "CSAFPID-0041"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109757428/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V9.80 or later version",
          "product_ids": [
            "CSAFPID-0043"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109796884/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V8.90 or later V8.xx version",
          "product_ids": [
            "CSAFPID-0007",
            "CSAFPID-0011",
            "CSAFPID-0015",
            "CSAFPID-0017",
            "CSAFPID-0021",
            "CSAFPID-0024",
            "CSAFPID-0035"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-0010",
            "CSAFPID-0011",
            "CSAFPID-0012",
            "CSAFPID-0013",
            "CSAFPID-0014",
            "CSAFPID-0015",
            "CSAFPID-0016",
            "CSAFPID-0017",
            "CSAFPID-0018",
            "CSAFPID-0019",
            "CSAFPID-0020",
            "CSAFPID-0021",
            "CSAFPID-0022",
            "CSAFPID-0023",
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039",
            "CSAFPID-0040",
            "CSAFPID-0041",
            "CSAFPID-0042",
            "CSAFPID-0043"
          ]
        }
      ],
      "title": "CVE-2024-53649"
    }
  ]
}

WID-SEC-W-2025-0061

Vulnerability from csaf_certbund - Published: 2025-01-14 23:00 - Updated: 2025-01-16 23:00

Summary

Siemens SIPROTEC: Schwachstelle ermöglicht Offenlegung von Informationen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

SIPROTEC ist eine Serie von Netzschutzgeräten.

Angriff

Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Siemens SIPROTEC ausnutzen, um Informationen offenzulegen.

Betroffene Betriebssysteme

- Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "SIPROTEC ist eine Serie von Netzschutzger\u00e4ten.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Siemens SIPROTEC ausnutzen, um Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0061 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0061.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0061 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0061"
      },
      {
        "category": "external",
        "summary": "Siemens Security Advisory vom 2025-01-14",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-194557.html"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2025-01-14",
        "url": "https://github.com/advisories/GHSA-9xg2-78h5-2f5f"
      }
    ],
    "source_lang": "en-US",
    "title": "Siemens SIPROTEC: Schwachstelle erm\u00f6glicht Offenlegung von Informationen",
    "tracking": {
      "current_release_date": "2025-01-16T23:00:00.000+00:00",
      "generator": {
        "date": "2025-01-17T09:13:15.706+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2025-0061",
      "initial_release_date": "2025-01-14T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-01-14T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-01-16T23:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz erg\u00e4nzt"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV9.80",
                "product": {
                  "name": "Siemens SIPROTEC \u003cV9.80",
                  "product_id": "T040316"
                }
              },
              {
                "category": "product_version",
                "name": "V9.80",
                "product": {
                  "name": "Siemens SIPROTEC V9.80",
                  "product_id": "T040316-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:siemens:siprotec:v9.80"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-53649",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Siemens SIPROTEC. Sie besteht darin, dass betroffene SIPROTEC 5 Ger\u00e4te den Zugriff des Webservers auf das Dateisystem nicht ausreichend einschr\u00e4nken. Ein entfernter, authentisierter Angreifer kann somit einzelne Dateien oder ganze Dateisysteme auslesen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T040316"
        ]
      },
      "release_date": "2025-01-14T23:00:00.000+00:00",
      "title": "CVE-2024-53649"
    }
  ]
}

NCSC-2025-0008

Vulnerability from csaf_ncscnl - Published: 2025-01-14 11:54 - Updated: 2025-01-14 11:54

Summary

Kwetsbaarheden verholpen in Siemens producten

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

Siemens heeft kwetsbaarheden verholpen in diverse producten als Industrial Edge Management, Mendix, SIMATIC, SIPROTEC en Siveillance.

Interpretaties

De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade: - Cross-Site-Scripting (XSS) - Cross-Site Request Forgery (CSRF) - Manipulatie van gegevens - Omzeilen van een beveiligingsmaatregel - Omzeilen van authenticatie - (Remote) code execution (Gebruikersrechten) - Toegang tot systeemgegevens - Toegang tot gevoelige gegevens De kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.

Oplossingen

Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.

Dreigingsinformatie

CVE's toe te voegen: CVE-2024-12569, CVE-2024-45385, CVE-2024-47100, CVE-2024-53649, CVE-2024-56841

Kans

medium

Schade

high

CWE-90

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

CWE-532

Insertion of Sensitive Information into Log File

CWE-552

Files or Directories Accessible to External Parties

CWE-352

Cross-Site Request Forgery (CSRF)

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Siemens heeft kwetsbaarheden verholpen in diverse producten als Industrial Edge Management, Mendix, SIMATIC, SIPROTEC en Siveillance.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Cross-Site-Scripting (XSS)\n- Cross-Site Request Forgery (CSRF)\n- Manipulatie van gegevens\n- Omzeilen van een beveiligingsmaatregel\n- Omzeilen van authenticatie\n- (Remote) code execution (Gebruikersrechten)\n- Toegang tot systeemgegevens\n- Toegang tot gevoelige gegevens\n\nDe kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico\u0027s zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "description",
        "text": "CVE\u0027s toe te voegen:\n\nCVE-2024-12569, CVE-2024-45385, CVE-2024-47100, CVE-2024-53649, CVE-2024-56841",
        "title": "Dreigingsinformatie"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
        "title": "CWE-90"
      },
      {
        "category": "general",
        "text": "Insertion of Sensitive Information into Log File",
        "title": "CWE-532"
      },
      {
        "category": "general",
        "text": "Files or Directories Accessible to External Parties",
        "title": "CWE-552"
      },
      {
        "category": "general",
        "text": "Cross-Site Request Forgery (CSRF)",
        "title": "CWE-352"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
        "title": "CWE-79"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-194557.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-314390.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-404759.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-416411.pdf"
      },
      {
        "category": "external",
        "summary": "Reference - ncscclear",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-717113.pdf"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Siemens producten",
    "tracking": {
      "current_release_date": "2025-01-14T11:54:04.658073Z",
      "id": "NCSC-2025-0008",
      "initial_release_date": "2025-01-14T11:54:04.658073Z",
      "revision_history": [
        {
          "date": "2025-01-14T11:54:04.658073Z",
          "number": "0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "simatic_s7-1200_cpu_1215fc_dc_dc_rly",
            "product": {
              "name": "simatic_s7-1200_cpu_1215fc_dc_dc_rly",
              "product_id": "CSAFPID-1712865",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1215fc_dc_dc_rly:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1200_cpu_1217c_dc_dc_dc",
            "product": {
              "name": "simatic_s7-1200_cpu_1217c_dc_dc_dc",
              "product_id": "CSAFPID-1712866",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1217c_dc_dc_dc:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siplus_s7-1200_cpu_1212_ac_dc_rly",
            "product": {
              "name": "siplus_s7-1200_cpu_1212_ac_dc_rly",
              "product_id": "CSAFPID-1712886",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siplus_s7-1200_cpu_1212_ac_dc_rly:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siplus_s7-1200_cpu_1212_dc_dc_rly",
            "product": {
              "name": "siplus_s7-1200_cpu_1212_dc_dc_rly",
              "product_id": "CSAFPID-1712887",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siplus_s7-1200_cpu_1212_dc_dc_rly:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siplus_s7-1200_cpu_1212c_dc_dc_dc",
            "product": {
              "name": "siplus_s7-1200_cpu_1212c_dc_dc_dc",
              "product_id": "CSAFPID-1712888",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siplus_s7-1200_cpu_1212c_dc_dc_dc:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siplus_s7-1200_cpu_1212c_dc_dc_dc_rail",
            "product": {
              "name": "siplus_s7-1200_cpu_1212c_dc_dc_dc_rail",
              "product_id": "CSAFPID-1712889",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siplus_s7-1200_cpu_1212c_dc_dc_dc_rail:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siplus_s7-1200_cpu_1214_ac_dc_rly",
            "product": {
              "name": "siplus_s7-1200_cpu_1214_ac_dc_rly",
              "product_id": "CSAFPID-1712890",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siplus_s7-1200_cpu_1214_ac_dc_rly:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siplus_s7-1200_cpu_1214_dc_dc_dc",
            "product": {
              "name": "siplus_s7-1200_cpu_1214_dc_dc_dc",
              "product_id": "CSAFPID-1712891",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siplus_s7-1200_cpu_1214_dc_dc_dc:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siplus_s7-1200_cpu_1214_dc_dc_rly",
            "product": {
              "name": "siplus_s7-1200_cpu_1214_dc_dc_rly",
              "product_id": "CSAFPID-1712892",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siplus_s7-1200_cpu_1214_dc_dc_rly:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siplus_s7-1200_cpu_1214c_dc_dc_dc_rail",
            "product": {
              "name": "siplus_s7-1200_cpu_1214c_dc_dc_dc_rail",
              "product_id": "CSAFPID-1712893",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siplus_s7-1200_cpu_1214c_dc_dc_dc_rail:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siplus_s7-1200_cpu_1214fc_dc_dc_dc",
            "product": {
              "name": "siplus_s7-1200_cpu_1214fc_dc_dc_dc",
              "product_id": "CSAFPID-1712894",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siplus_s7-1200_cpu_1214fc_dc_dc_dc:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siplus_s7-1200_cpu_1214fc_dc_dc_rly",
            "product": {
              "name": "siplus_s7-1200_cpu_1214fc_dc_dc_rly",
              "product_id": "CSAFPID-1712895",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siplus_s7-1200_cpu_1214fc_dc_dc_rly:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siplus_s7-1200_cpu_1215_ac_dc_rly",
            "product": {
              "name": "siplus_s7-1200_cpu_1215_ac_dc_rly",
              "product_id": "CSAFPID-1712896",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siplus_s7-1200_cpu_1215_ac_dc_rly:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siplus_s7-1200_cpu_1215_dc_dc_dc",
            "product": {
              "name": "siplus_s7-1200_cpu_1215_dc_dc_dc",
              "product_id": "CSAFPID-1712897",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siplus_s7-1200_cpu_1215_dc_dc_dc:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siplus_s7-1200_cpu_1215_dc_dc_rly",
            "product": {
              "name": "siplus_s7-1200_cpu_1215_dc_dc_rly",
              "product_id": "CSAFPID-1712898",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siplus_s7-1200_cpu_1215_dc_dc_rly:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siplus_s7-1200_cpu_1215c_dc_dc_dc",
            "product": {
              "name": "siplus_s7-1200_cpu_1215c_dc_dc_dc",
              "product_id": "CSAFPID-1712899",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siplus_s7-1200_cpu_1215c_dc_dc_dc:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siplus_s7-1200_cpu_1215fc_dc_dc_dc",
            "product": {
              "name": "siplus_s7-1200_cpu_1215fc_dc_dc_dc",
              "product_id": "CSAFPID-1712900",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siplus_s7-1200_cpu_1215fc_dc_dc_dc:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_6md84__cp300_",
            "product": {
              "name": "siprotec_5_6md84__cp300_",
              "product_id": "CSAFPID-1615375",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_6md84__cp300_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_6md85__cp300_",
            "product": {
              "name": "siprotec_5_6md85__cp300_",
              "product_id": "CSAFPID-1615379",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_6md85__cp300_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_6md86__cp300_",
            "product": {
              "name": "siprotec_5_6md86__cp300_",
              "product_id": "CSAFPID-1615383",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_6md86__cp300_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_6md89__cp300_",
            "product": {
              "name": "siprotec_5_6md89__cp300_",
              "product_id": "CSAFPID-1615385",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_6md89__cp300_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_6mu85__cp300_",
            "product": {
              "name": "siprotec_5_6mu85__cp300_",
              "product_id": "CSAFPID-1615387",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_6mu85__cp300_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7ke85__cp300_",
            "product": {
              "name": "siprotec_5_7ke85__cp300_",
              "product_id": "CSAFPID-1615391",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7ke85__cp300_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7sa82__cp100_",
            "product": {
              "name": "siprotec_5_7sa82__cp100_",
              "product_id": "CSAFPID-1615393",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7sa82__cp100_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7sa82__cp150_",
            "product": {
              "name": "siprotec_5_7sa82__cp150_",
              "product_id": "CSAFPID-1615395",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7sa82__cp150_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7sa86__cp300_",
            "product": {
              "name": "siprotec_5_7sa86__cp300_",
              "product_id": "CSAFPID-1615400",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7sa86__cp300_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7sa87__cp300_",
            "product": {
              "name": "siprotec_5_7sa87__cp300_",
              "product_id": "CSAFPID-1615404",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7sa87__cp300_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7sd82__cp100_",
            "product": {
              "name": "siprotec_5_7sd82__cp100_",
              "product_id": "CSAFPID-1615406",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7sd82__cp100_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7sd82__cp150_",
            "product": {
              "name": "siprotec_5_7sd82__cp150_",
              "product_id": "CSAFPID-1615408",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7sd82__cp150_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7sd86__cp300_",
            "product": {
              "name": "siprotec_5_7sd86__cp300_",
              "product_id": "CSAFPID-1615414",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7sd86__cp300_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7sd87__cp300_",
            "product": {
              "name": "siprotec_5_7sd87__cp300_",
              "product_id": "CSAFPID-1615418",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7sd87__cp300_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7sj81__cp100_",
            "product": {
              "name": "siprotec_5_7sj81__cp100_",
              "product_id": "CSAFPID-1615420",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7sj81__cp100_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7sj81__cp150_",
            "product": {
              "name": "siprotec_5_7sj81__cp150_",
              "product_id": "CSAFPID-1615422",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7sj81__cp150_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7sj82__cp100_",
            "product": {
              "name": "siprotec_5_7sj82__cp100_",
              "product_id": "CSAFPID-1615424",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7sj82__cp100_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7sj82__cp150_",
            "product": {
              "name": "siprotec_5_7sj82__cp150_",
              "product_id": "CSAFPID-1615426",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7sj82__cp150_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7sj85__cp300_",
            "product": {
              "name": "siprotec_5_7sj85__cp300_",
              "product_id": "CSAFPID-1615430",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7sj85__cp300_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7sj86__cp300_",
            "product": {
              "name": "siprotec_5_7sj86__cp300_",
              "product_id": "CSAFPID-1615434",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7sj86__cp300_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7sk82__cp100_",
            "product": {
              "name": "siprotec_5_7sk82__cp100_",
              "product_id": "CSAFPID-1615436",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7sk82__cp100_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7sk82__cp150_",
            "product": {
              "name": "siprotec_5_7sk82__cp150_",
              "product_id": "CSAFPID-1615437",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7sk82__cp150_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7sk85__cp300_",
            "product": {
              "name": "siprotec_5_7sk85__cp300_",
              "product_id": "CSAFPID-1615439",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7sk85__cp300_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7sl82__cp100_",
            "product": {
              "name": "siprotec_5_7sl82__cp100_",
              "product_id": "CSAFPID-1615440",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7sl82__cp100_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7sl82__cp150_",
            "product": {
              "name": "siprotec_5_7sl82__cp150_",
              "product_id": "CSAFPID-1615441",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7sl82__cp150_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7sl86__cp300_",
            "product": {
              "name": "siprotec_5_7sl86__cp300_",
              "product_id": "CSAFPID-1615443",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7sl86__cp300_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7sl87__cp300_",
            "product": {
              "name": "siprotec_5_7sl87__cp300_",
              "product_id": "CSAFPID-1615445",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7sl87__cp300_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7ss85__cp300_",
            "product": {
              "name": "siprotec_5_7ss85__cp300_",
              "product_id": "CSAFPID-1615447",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7ss85__cp300_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7st85__cp300_",
            "product": {
              "name": "siprotec_5_7st85__cp300_",
              "product_id": "CSAFPID-1615449",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7st85__cp300_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7st86__cp300_",
            "product": {
              "name": "siprotec_5_7st86__cp300_",
              "product_id": "CSAFPID-1615450",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7st86__cp300_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7sx82__cp150_",
            "product": {
              "name": "siprotec_5_7sx82__cp150_",
              "product_id": "CSAFPID-1615451",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7sx82__cp150_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7sx85__cp300_",
            "product": {
              "name": "siprotec_5_7sx85__cp300_",
              "product_id": "CSAFPID-1615452",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7sx85__cp300_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7sy82__cp150_",
            "product": {
              "name": "siprotec_5_7sy82__cp150_",
              "product_id": "CSAFPID-1749292",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7sy82__cp150_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7um85__cp300_",
            "product": {
              "name": "siprotec_5_7um85__cp300_",
              "product_id": "CSAFPID-1615453",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7um85__cp300_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "industrial_edge_management_os__iem-os_",
            "product": {
              "name": "industrial_edge_management_os__iem-os_",
              "product_id": "CSAFPID-1637818",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:industrial_edge_management_os__iem-os_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "mendix_ldap",
            "product": {
              "name": "mendix_ldap",
              "product_id": "CSAFPID-1749293",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:mendix_ldap:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1200_cpu_1211c_ac_dc_rly",
            "product": {
              "name": "simatic_s7-1200_cpu_1211c_ac_dc_rly",
              "product_id": "CSAFPID-1712848",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1211c_ac_dc_rly:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1200_cpu_1211c_dc_dc_dc",
            "product": {
              "name": "simatic_s7-1200_cpu_1211c_dc_dc_dc",
              "product_id": "CSAFPID-1712849",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1211c_dc_dc_dc:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1200_cpu_1211c_dc_dc_rly",
            "product": {
              "name": "simatic_s7-1200_cpu_1211c_dc_dc_rly",
              "product_id": "CSAFPID-1712850",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1211c_dc_dc_rly:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1200_cpu_1212c_ac_dc_rly",
            "product": {
              "name": "simatic_s7-1200_cpu_1212c_ac_dc_rly",
              "product_id": "CSAFPID-1712851",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1212c_ac_dc_rly:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1200_cpu_1212c_dc_dc_dc",
            "product": {
              "name": "simatic_s7-1200_cpu_1212c_dc_dc_dc",
              "product_id": "CSAFPID-1712852",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1212c_dc_dc_dc:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1200_cpu_1212c_dc_dc_rly",
            "product": {
              "name": "simatic_s7-1200_cpu_1212c_dc_dc_rly",
              "product_id": "CSAFPID-1712853",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1212c_dc_dc_rly:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1200_cpu_1212fc_dc_dc_dc",
            "product": {
              "name": "simatic_s7-1200_cpu_1212fc_dc_dc_dc",
              "product_id": "CSAFPID-1712854",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1212fc_dc_dc_dc:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1200_cpu_1212fc_dc_dc_rly",
            "product": {
              "name": "simatic_s7-1200_cpu_1212fc_dc_dc_rly",
              "product_id": "CSAFPID-1712855",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1212fc_dc_dc_rly:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1200_cpu_1214c_ac_dc_rly",
            "product": {
              "name": "simatic_s7-1200_cpu_1214c_ac_dc_rly",
              "product_id": "CSAFPID-1712856",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1214c_ac_dc_rly:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1200_cpu_1214c_dc_dc_dc",
            "product": {
              "name": "simatic_s7-1200_cpu_1214c_dc_dc_dc",
              "product_id": "CSAFPID-1712857",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1214c_dc_dc_dc:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1200_cpu_1214c_dc_dc_rly",
            "product": {
              "name": "simatic_s7-1200_cpu_1214c_dc_dc_rly",
              "product_id": "CSAFPID-1712858",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1214c_dc_dc_rly:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1200_cpu_1214fc_dc_dc_dc",
            "product": {
              "name": "simatic_s7-1200_cpu_1214fc_dc_dc_dc",
              "product_id": "CSAFPID-1712859",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1214fc_dc_dc_dc:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1200_cpu_1214fc_dc_dc_rly",
            "product": {
              "name": "simatic_s7-1200_cpu_1214fc_dc_dc_rly",
              "product_id": "CSAFPID-1712860",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1214fc_dc_dc_rly:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1200_cpu_1215c_ac_dc_rly",
            "product": {
              "name": "simatic_s7-1200_cpu_1215c_ac_dc_rly",
              "product_id": "CSAFPID-1712861",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1215c_ac_dc_rly:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1200_cpu_1215c_dc_dc_dc",
            "product": {
              "name": "simatic_s7-1200_cpu_1215c_dc_dc_dc",
              "product_id": "CSAFPID-1712862",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1215c_dc_dc_dc:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1200_cpu_1215c_dc_dc_rly",
            "product": {
              "name": "simatic_s7-1200_cpu_1215c_dc_dc_rly",
              "product_id": "CSAFPID-1712863",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1215c_dc_dc_rly:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "simatic_s7-1200_cpu_1215fc_dc_dc_dc",
            "product": {
              "name": "simatic_s7-1200_cpu_1215fc_dc_dc_dc",
              "product_id": "CSAFPID-1712864",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:simatic_s7-1200_cpu_1215fc_dc_dc_dc:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7ut82__cp100_",
            "product": {
              "name": "siprotec_5_7ut82__cp100_",
              "product_id": "CSAFPID-1615454",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7ut82__cp100_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7ut82__cp150_",
            "product": {
              "name": "siprotec_5_7ut82__cp150_",
              "product_id": "CSAFPID-1615455",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7ut82__cp150_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7ut85__cp300_",
            "product": {
              "name": "siprotec_5_7ut85__cp300_",
              "product_id": "CSAFPID-1615457",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7ut85__cp300_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7ut86__cp300_",
            "product": {
              "name": "siprotec_5_7ut86__cp300_",
              "product_id": "CSAFPID-1615459",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7ut86__cp300_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7ut87__cp300_",
            "product": {
              "name": "siprotec_5_7ut87__cp300_",
              "product_id": "CSAFPID-1615461",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7ut87__cp300_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7ve85__cp300_",
            "product": {
              "name": "siprotec_5_7ve85__cp300_",
              "product_id": "CSAFPID-1615462",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7ve85__cp300_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7vk87__cp300_",
            "product": {
              "name": "siprotec_5_7vk87__cp300_",
              "product_id": "CSAFPID-1615464",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7vk87__cp300_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_7vu85__cp300_",
            "product": {
              "name": "siprotec_5_7vu85__cp300_",
              "product_id": "CSAFPID-1615465",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_7vu85__cp300_:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "siprotec_5_compact_7sx800__cp050_",
            "product": {
              "name": "siprotec_5_compact_7sx800__cp050_",
              "product_id": "CSAFPID-1615468",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:siemens:siprotec_5_compact_7sx800__cp050_:*:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-12569",
      "cwe": {
        "id": "CWE-532",
        "name": "Insertion of Sensitive Information into Log File"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insertion of Sensitive Information into Log File",
          "title": "CWE-532"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-12569",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-12569.json"
        }
      ],
      "title": "CVE-2024-12569"
    },
    {
      "cve": "CVE-2024-45385",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1637818"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-45385",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45385.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:U/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1637818"
          ]
        }
      ],
      "title": "CVE-2024-45385"
    },
    {
      "cve": "CVE-2024-47100",
      "cwe": {
        "id": "CWE-352",
        "name": "Cross-Site Request Forgery (CSRF)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Cross-Site Request Forgery (CSRF)",
          "title": "CWE-352"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1712848",
          "CSAFPID-1712849",
          "CSAFPID-1712850",
          "CSAFPID-1712851",
          "CSAFPID-1712852",
          "CSAFPID-1712853",
          "CSAFPID-1712854",
          "CSAFPID-1712855",
          "CSAFPID-1712856",
          "CSAFPID-1712857",
          "CSAFPID-1712858",
          "CSAFPID-1712859",
          "CSAFPID-1712860",
          "CSAFPID-1712861",
          "CSAFPID-1712862",
          "CSAFPID-1712863",
          "CSAFPID-1712864",
          "CSAFPID-1712865",
          "CSAFPID-1712866",
          "CSAFPID-1712886",
          "CSAFPID-1712887",
          "CSAFPID-1712888",
          "CSAFPID-1712889",
          "CSAFPID-1712890",
          "CSAFPID-1712891",
          "CSAFPID-1712892",
          "CSAFPID-1712893",
          "CSAFPID-1712894",
          "CSAFPID-1712895",
          "CSAFPID-1712896",
          "CSAFPID-1712897",
          "CSAFPID-1712898",
          "CSAFPID-1712899",
          "CSAFPID-1712900"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-47100",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47100.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1712848",
            "CSAFPID-1712849",
            "CSAFPID-1712850",
            "CSAFPID-1712851",
            "CSAFPID-1712852",
            "CSAFPID-1712853",
            "CSAFPID-1712854",
            "CSAFPID-1712855",
            "CSAFPID-1712856",
            "CSAFPID-1712857",
            "CSAFPID-1712858",
            "CSAFPID-1712859",
            "CSAFPID-1712860",
            "CSAFPID-1712861",
            "CSAFPID-1712862",
            "CSAFPID-1712863",
            "CSAFPID-1712864",
            "CSAFPID-1712865",
            "CSAFPID-1712866",
            "CSAFPID-1712886",
            "CSAFPID-1712887",
            "CSAFPID-1712888",
            "CSAFPID-1712889",
            "CSAFPID-1712890",
            "CSAFPID-1712891",
            "CSAFPID-1712892",
            "CSAFPID-1712893",
            "CSAFPID-1712894",
            "CSAFPID-1712895",
            "CSAFPID-1712896",
            "CSAFPID-1712897",
            "CSAFPID-1712898",
            "CSAFPID-1712899",
            "CSAFPID-1712900"
          ]
        }
      ],
      "title": "CVE-2024-47100"
    },
    {
      "cve": "CVE-2024-53649",
      "cwe": {
        "id": "CWE-552",
        "name": "Files or Directories Accessible to External Parties"
      },
      "notes": [
        {
          "category": "other",
          "text": "Files or Directories Accessible to External Parties",
          "title": "CWE-552"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1615375",
          "CSAFPID-1615379",
          "CSAFPID-1615383",
          "CSAFPID-1615385",
          "CSAFPID-1615387",
          "CSAFPID-1615391",
          "CSAFPID-1615393",
          "CSAFPID-1615395",
          "CSAFPID-1615400",
          "CSAFPID-1615404",
          "CSAFPID-1615406",
          "CSAFPID-1615408",
          "CSAFPID-1615414",
          "CSAFPID-1615418",
          "CSAFPID-1615420",
          "CSAFPID-1615422",
          "CSAFPID-1615424",
          "CSAFPID-1615426",
          "CSAFPID-1615430",
          "CSAFPID-1615434",
          "CSAFPID-1615436",
          "CSAFPID-1615437",
          "CSAFPID-1615439",
          "CSAFPID-1615440",
          "CSAFPID-1615441",
          "CSAFPID-1615443",
          "CSAFPID-1615445",
          "CSAFPID-1615447",
          "CSAFPID-1615449",
          "CSAFPID-1615450",
          "CSAFPID-1615451",
          "CSAFPID-1615452",
          "CSAFPID-1749292",
          "CSAFPID-1615453",
          "CSAFPID-1615454",
          "CSAFPID-1615455",
          "CSAFPID-1615457",
          "CSAFPID-1615459",
          "CSAFPID-1615461",
          "CSAFPID-1615462",
          "CSAFPID-1615464",
          "CSAFPID-1615465",
          "CSAFPID-1615468"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-53649",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-53649.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1615375",
            "CSAFPID-1615379",
            "CSAFPID-1615383",
            "CSAFPID-1615385",
            "CSAFPID-1615387",
            "CSAFPID-1615391",
            "CSAFPID-1615393",
            "CSAFPID-1615395",
            "CSAFPID-1615400",
            "CSAFPID-1615404",
            "CSAFPID-1615406",
            "CSAFPID-1615408",
            "CSAFPID-1615414",
            "CSAFPID-1615418",
            "CSAFPID-1615420",
            "CSAFPID-1615422",
            "CSAFPID-1615424",
            "CSAFPID-1615426",
            "CSAFPID-1615430",
            "CSAFPID-1615434",
            "CSAFPID-1615436",
            "CSAFPID-1615437",
            "CSAFPID-1615439",
            "CSAFPID-1615440",
            "CSAFPID-1615441",
            "CSAFPID-1615443",
            "CSAFPID-1615445",
            "CSAFPID-1615447",
            "CSAFPID-1615449",
            "CSAFPID-1615450",
            "CSAFPID-1615451",
            "CSAFPID-1615452",
            "CSAFPID-1749292",
            "CSAFPID-1615453",
            "CSAFPID-1615454",
            "CSAFPID-1615455",
            "CSAFPID-1615457",
            "CSAFPID-1615459",
            "CSAFPID-1615461",
            "CSAFPID-1615462",
            "CSAFPID-1615464",
            "CSAFPID-1615465",
            "CSAFPID-1615468"
          ]
        }
      ],
      "title": "CVE-2024-53649"
    },
    {
      "cve": "CVE-2024-56841",
      "cwe": {
        "id": "CWE-90",
        "name": "Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
          "title": "CWE-90"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1749293"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-56841",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56841.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1749293"
          ]
        }
      ],
      "title": "CVE-2024-56841"
    }
  ]
}

SSA-194557

Vulnerability from csaf_siemens - Published: 2025-01-14 00:00 - Updated: 2025-11-11 00:00

Summary

SSA-194557: Improper Limitation of Filesystem Access through Web Server Vulnerability in SIPROTEC 5

Notes

Summary

General Recommendations

Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Affected SIPROTEC 5 devices do not properly limit the access of the web server to the filesystem. This could allow an authenticated remote attacker to read arbitrary files or the entire filesystem of the device.\n\nSiemens has released new versions for the affected products and recommends to update to the latest versions.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. It is therefore recommended that the operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid\u0027s reliability can thus be minimized by virtue of the grid design.\nSiemens strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment. \nAs a general security measure Siemens strongly recommends to protect network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to our operational guidelines in order to run the devices in a protected IT environment.\n\nRecommended security guidelines can be found at:\nhttps://www.siemens.com/gridsecurity",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-194557: Improper Limitation of Filesystem Access through Web Server Vulnerability in SIPROTEC 5 - HTML Version",
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-194557.html"
      },
      {
        "category": "self",
        "summary": "SSA-194557: Improper Limitation of Filesystem Access through Web Server Vulnerability in SIPROTEC 5 - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-194557.json"
      }
    ],
    "title": "SSA-194557: Improper Limitation of Filesystem Access through Web Server Vulnerability in SIPROTEC 5",
    "tracking": {
      "current_release_date": "2025-11-11T00:00:00Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-194557",
      "initial_release_date": "2025-01-14T00:00:00Z",
      "revision_history": [
        {
          "date": "2025-01-14T00:00:00Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        },
        {
          "date": "2025-02-11T00:00:00Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added fix version for 6MD89 (CP300)"
        },
        {
          "date": "2025-03-11T00:00:00Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Added fix for SIPROTEC 5 7ST85 (CP300); Changed fix version for SIPROTEC 5 6MD89 (CP300) from V9.90 to V9.68; Added mitigation"
        },
        {
          "date": "2025-11-11T00:00:00Z",
          "legacy_version": "1.3",
          "number": "4",
          "summary": "Added fix for SIPROTEC 5 7SA82 (CP100), SIPROTEC 5 7SD82 (CP100), SIPROTEC 5 7SJ81 (CP100), SIPROTEC 5 7SJ82 (CP100), SIPROTEC 5 7SK82 (CP100), SIPROTEC 5 7SL82 (CP100), SIPROTEC 5 7UT82 (CP100)"
        }
      ],
      "status": "interim",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 6MD84 (CP300)",
                  "product_id": "1"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 6MD84 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 6MD85 (CP300)",
                  "product_id": "2"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 6MD85 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 6MD86 (CP300)",
                  "product_id": "3"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 6MD86 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.68",
                "product": {
                  "name": "SIPROTEC 5 6MD89 (CP300)",
                  "product_id": "4"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 6MD89 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 6MU85 (CP300)",
                  "product_id": "5"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 6MU85 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7KE85 (CP300)",
                  "product_id": "6"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7KE85 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c8.90",
                "product": {
                  "name": "SIPROTEC 5 7SA82 (CP100)",
                  "product_id": "7"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SA82 (CP100)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SA82 (CP150)",
                  "product_id": "8"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SA82 (CP150)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SA86 (CP300)",
                  "product_id": "9"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SA86 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SA87 (CP300)",
                  "product_id": "10"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SA87 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c8.90",
                "product": {
                  "name": "SIPROTEC 5 7SD82 (CP100)",
                  "product_id": "11"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SD82 (CP100)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SD82 (CP150)",
                  "product_id": "12"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SD82 (CP150)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SD86 (CP300)",
                  "product_id": "13"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SD86 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SD87 (CP300)",
                  "product_id": "14"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SD87 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c8.90",
                "product": {
                  "name": "SIPROTEC 5 7SJ81 (CP100)",
                  "product_id": "15"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SJ81 (CP100)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SJ81 (CP150)",
                  "product_id": "16"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SJ81 (CP150)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c8.90",
                "product": {
                  "name": "SIPROTEC 5 7SJ82 (CP100)",
                  "product_id": "17"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SJ82 (CP100)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SJ82 (CP150)",
                  "product_id": "18"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SJ82 (CP150)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SJ85 (CP300)",
                  "product_id": "19"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SJ85 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SJ86 (CP300)",
                  "product_id": "20"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SJ86 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c8.90",
                "product": {
                  "name": "SIPROTEC 5 7SK82 (CP100)",
                  "product_id": "21"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SK82 (CP100)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SK82 (CP150)",
                  "product_id": "22"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SK82 (CP150)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SK85 (CP300)",
                  "product_id": "23"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SK85 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c8.90",
                "product": {
                  "name": "SIPROTEC 5 7SL82 (CP100)",
                  "product_id": "24"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SL82 (CP100)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SL82 (CP150)",
                  "product_id": "25"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SL82 (CP150)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SL86 (CP300)",
                  "product_id": "26"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SL86 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SL87 (CP300)",
                  "product_id": "27"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SL87 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SS85 (CP300)",
                  "product_id": "28"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SS85 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c9.68",
                "product": {
                  "name": "SIPROTEC 5 7ST85 (CP300)",
                  "product_id": "29"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7ST85 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7ST86 (CP300)",
                  "product_id": "30"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7ST86 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SX82 (CP150)",
                  "product_id": "31"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SX82 (CP150)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SX85 (CP300)",
                  "product_id": "32"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SX85 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7SY82 (CP150)",
                  "product_id": "33"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7SY82 (CP150)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7UM85 (CP300)",
                  "product_id": "34"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7UM85 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c8.90",
                "product": {
                  "name": "SIPROTEC 5 7UT82 (CP100)",
                  "product_id": "35"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7UT82 (CP100)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7UT82 (CP150)",
                  "product_id": "36"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7UT82 (CP150)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7UT85 (CP300)",
                  "product_id": "37"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7UT85 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7UT86 (CP300)",
                  "product_id": "38"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7UT86 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7UT87 (CP300)",
                  "product_id": "39"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7UT87 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7VE85 (CP300)",
                  "product_id": "40"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7VE85 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003e=7.80|\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7VK87 (CP300)",
                  "product_id": "41"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7VK87 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 7VU85 (CP300)",
                  "product_id": "42"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 7VU85 (CP300)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:intdot/\u003c9.80",
                "product": {
                  "name": "SIPROTEC 5 Compact 7SX800 (CP050)",
                  "product_id": "43"
                }
              }
            ],
            "category": "product_name",
            "name": "SIPROTEC 5 Compact 7SX800 (CP050)"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-53649",
      "cwe": {
        "id": "CWE-552",
        "name": "Files or Directories Accessible to External Parties"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Affected devices do not properly limit the path accessible via their webserver.  This could allow an authenticated remote attacker to read arbitrary files from the filesystem of affected devices.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6",
          "7",
          "8",
          "9",
          "10",
          "11",
          "12",
          "13",
          "14",
          "15",
          "16",
          "17",
          "18",
          "19",
          "20",
          "21",
          "22",
          "23",
          "24",
          "25",
          "26",
          "27",
          "28",
          "29",
          "30",
          "31",
          "32",
          "33",
          "34",
          "35",
          "36",
          "37",
          "38",
          "39",
          "40",
          "41",
          "42",
          "43"
        ]
      },
      "remediations": [
        {
          "category": "mitigation",
          "details": "Disable the web server of the affected system",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23",
            "24",
            "25",
            "26",
            "27",
            "28",
            "29",
            "30",
            "31",
            "32",
            "33",
            "34",
            "35",
            "36",
            "37",
            "38",
            "39",
            "40",
            "41",
            "42",
            "43"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Update to V9.68 or later version",
          "product_ids": [
            "4",
            "29"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109742950/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V9.80 or later version",
          "product_ids": [
            "1",
            "8",
            "12",
            "16",
            "18",
            "22",
            "25",
            "30",
            "31",
            "33",
            "36",
            "42"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109814150/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V9.80 or later version",
          "product_ids": [
            "2",
            "3",
            "5",
            "6",
            "9",
            "10",
            "13",
            "14",
            "19",
            "20",
            "23",
            "26",
            "27",
            "28",
            "32",
            "34",
            "37",
            "38",
            "39",
            "40",
            "41"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109757428/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V9.80 or later version",
          "product_ids": [
            "43"
          ],
          "url": "https://support.industry.siemens.com/cs/ww/en/view/109796884/"
        },
        {
          "category": "vendor_fix",
          "details": "Update to V8.90 or later V8.xx version",
          "product_ids": [
            "7",
            "11",
            "15",
            "17",
            "21",
            "24",
            "35"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6",
            "7",
            "8",
            "9",
            "10",
            "11",
            "12",
            "13",
            "14",
            "15",
            "16",
            "17",
            "18",
            "19",
            "20",
            "21",
            "22",
            "23",
            "24",
            "25",
            "26",
            "27",
            "28",
            "29",
            "30",
            "31",
            "32",
            "33",
            "34",
            "35",
            "36",
            "37",
            "38",
            "39",
            "40",
            "41",
            "42",
            "43"
          ]
        }
      ],
      "title": "CVE-2024-53649"
    }
  ]
}

GHSA-9XG2-78H5-2F5F

Vulnerability from github – Published: 2025-01-14 12:31 – Updated: 2025-01-14 12:31

Details

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.80), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SA82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SA82 (CP150) (All versions < V9.80), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SD82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SD82 (CP150) (All versions < V9.80), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SJ81 (CP100) (All versions >= V7.80), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.80), SIPROTEC 5 7SJ82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.80), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SK82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SK82 (CP150) (All versions < V9.80), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SL82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SL82 (CP150) (All versions < V9.80), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions < V9.80), SIPROTEC 5 7SX82 (CP150) (All versions < V9.80), SIPROTEC 5 7SX85 (CP300) (All versions < V9.80), SIPROTEC 5 7SY82 (CP150) (All versions < V9.80), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7UT82 (CP100) (All versions >= V7.80), SIPROTEC 5 7UT82 (CP150) (All versions < V9.80), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7VU85 (CP300) (All versions < V9.80), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.80). Affected devices do not properly limit the path accessible via their webserver. This could allow an authenticated remote attacker to read arbitrary files from the filesystem of affected devices.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7.1 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-53649"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-552"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-14T11:15:16Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions \u003c V9.80), SIPROTEC 5 6MD85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 6MD86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 6MD89 (CP300) (All versions \u003e= V7.80), SIPROTEC 5 6MU85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7KE85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SA82 (CP100) (All versions \u003e= V7.80), SIPROTEC 5 7SA82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SA86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SA87 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SD82 (CP100) (All versions \u003e= V7.80), SIPROTEC 5 7SD82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SD86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SD87 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SJ81 (CP100) (All versions \u003e= V7.80), SIPROTEC 5 7SJ81 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SJ82 (CP100) (All versions \u003e= V7.80), SIPROTEC 5 7SJ82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SJ85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SJ86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SK82 (CP100) (All versions \u003e= V7.80), SIPROTEC 5 7SK82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SK85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SL82 (CP100) (All versions \u003e= V7.80), SIPROTEC 5 7SL82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SL86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SL87 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7SS85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions \u003c V9.80), SIPROTEC 5 7SX82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7SX85 (CP300) (All versions \u003c V9.80), SIPROTEC 5 7SY82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7UM85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7UT82 (CP100) (All versions \u003e= V7.80), SIPROTEC 5 7UT82 (CP150) (All versions \u003c V9.80), SIPROTEC 5 7UT85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7UT86 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7UT87 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7VE85 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7VK87 (CP300) (All versions \u003e= V7.80 \u003c V9.80), SIPROTEC 5 7VU85 (CP300) (All versions \u003c V9.80), SIPROTEC 5 Compact 7SX800 (CP050) (All versions \u003c V9.80). Affected devices do not properly limit the path accessible via their webserver.  This could allow an authenticated remote attacker to read arbitrary files from the filesystem of affected devices.",
  "id": "GHSA-9xg2-78h5-2f5f",
  "modified": "2025-01-14T12:31:50Z",
  "published": "2025-01-14T12:31:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53649"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-194557.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-53649 (GCVE-0-2024-53649)

Solutions

Solutions

Tags

Sightings

Nomenclature