CVSS: 8.2EPSS: 0%CPEs: 26EXPL: 0CVE-2024-38867
https://notcve.org/view.php?id=CVE-2024-38867
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.64), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.64), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.64), SIPROTEC 5 6MD89 (CP300) (All versions < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions < V9.64), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.64), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.65), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.65), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.65), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.65), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.65), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.65), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.65), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.65), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.65), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.65), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.65), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.65), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.65), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.65), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.65), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions < V9.64), SIPROTEC 5 7SX82 (CP150) (All versions < V9.65), SIPROTEC 5 7SX85 (CP300) (All versions < V9.65), SIPROTEC 5 7UM85 (CP300) (All versions < V9.64), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.65), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.65), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.65), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.65), SIPROTEC 5 7VE85 (CP300) (All versions < V9.64), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.65), SIPROTEC 5 7VU85 (CP300) (All versions < V9.64), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V9.62 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V9.62 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.62), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.64). The affected devices are supporting weak ciphers on several ports (443/tcp for web, 4443/tcp for DIGSI 5 and configurable port for syslog over TLS). This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over to and from those ports. Se ha identificado una vulnerabilidad en SIPROTEC 5 6MD84 (CP300) (Todas las versiones < V9.64), SIPROTEC 5 6MD85 (CP200) (Todas las versiones), SIPROTEC 5 6MD85 (CP300) (Todas las versiones < V9.64), SIPROTEC 5 6MD86 (CP200) (Todas las versiones), SIPROTEC 5 6MD86 (CP300) (Todas las versiones < V9.64), SIPROTEC 5 6MD89 (CP300) (Todas las versiones < V9.64), SIPROTEC 5 6MU85 (CP300) (Todas las versiones < V9. 64), SIPROTEC 5 7KE85 (CP200) (Todas las versiones), SIPROTEC 5 7KE85 (CP300) (Todas las versiones < V9.64), SIPROTEC 5 7SA82 (CP100) (Todas las versiones), SIPROTEC 5 7SA82 (CP150) (Todas las versiones < V9.65), SIPROTEC 5 7SA84 (CP200) (Todas las versiones), SIPROTEC 5 7SA86 (CP200) (Todas las versiones), SIPROTEC 5 7SA86 (CP300) (Todas las versiones < V9.65), SIPROTEC 5 7SA87 (CP200) (Todas versiones), SIPROTEC 5 7SA87 (CP300) (Todas las versiones < V9.65), SIPROTEC 5 7SD82 (CP100) (Todas las versiones), SIPROTEC 5 7SD82 (CP150) (Todas las versiones < V9.65), SIPROTEC 5 7SD84 (CP200) (Todas las versiones), SIPROTEC 5 7SD86 (CP200) (Todas las versiones), SIPROTEC 5 7SD86 (CP300) (Todas las versiones < V9.65), SIPROTEC 5 7SD87 (CP200) (Todas las versiones), SIPROTEC 5 7SD87 (CP300) (Todas versiones < V9.65), SIPROTEC 5 7SJ81 (CP100) (Todas las versiones < V8.89), SIPROTEC 5 7SJ81 (CP150) (Todas las versiones < V9.65), SIPROTEC 5 7SJ82 (CP100) (Todas las versiones < V8.89 ), SIPROTEC 5 7SJ82 (CP150) (Todas las versiones < V9.65), SIPROTEC 5 7SJ85 (CP200) (Todas las versiones), SIPROTEC 5 7SJ85 (CP300) (Todas las versiones < V9.65), SIPROTEC 5 7SJ86 (CP200) ( Todas las versiones), SIPROTEC 5 7SJ86 (CP300) (Todas las versiones < V9.65), SIPROTEC 5 7SK82 (CP100) (Todas las versiones < V8.89), SIPROTEC 5 7SK82 (CP150) (Todas las versiones < V9.65), SIPROTEC 5 7SK85 (CP200) (Todas las versiones), SIPROTEC 5 7SK85 (CP300) (Todas las versiones < V9.65), SIPROTEC 5 7SL82 (CP100) (Todas las versiones), SIPROTEC 5 7SL82 (CP150) (Todas las versiones < V9.65) , SIPROTEC 5 7SL86 (CP200) (Todas las versiones), SIPROTEC 5 7SL86 (CP300) (Todas las versiones < V9.65), SIPROTEC 5 7SL87 (CP200) (Todas las versiones), SIPROTEC 5 7SL87 (CP300) (Todas las versiones < V9. 65), SIPROTEC 5 7SS85 (CP200) (Todas las versiones), SIPROTEC 5 7SS85 (CP300) (Todas las versiones < V9.64), SIPROTEC 5 7ST85 (CP200) (Todas las versiones), SIPROTEC 5 7ST85 (CP300) (Todas las versiones < V9.64), SIPROTEC 5 7ST86 (CP300) (Todas las versiones < V9.64), SIPROTEC 5 7SX82 (CP150) (Todas las versiones < V9.65), SIPROTEC 5 7SX85 (CP300) (Todas las versiones < V9.65), SIPROTEC 5 7UM85 (CP300) (Todas las versiones < V9.64), SIPROTEC 5 7UT82 (CP100) (Todas las versiones), SIPROTEC 5 7UT82 (CP150) (Todas las versiones < V9.65), SIPROTEC 5 7UT85 (CP200) (Todas las versiones ), SIPROTEC 5 7UT85 (CP300) (Todas las versiones < V9.65), SIPROTEC 5 7UT86 (CP200) (Todas las versiones), SIPROTEC 5 7UT86 (CP300) (Todas las versiones < V9.65), SIPROTEC 5 7UT87 (CP200) ( Todas las versiones), SIPROTEC 5 7UT87 (CP300) (Todas las versiones < V9.65), SIPROTEC 5 7VE85 (CP300) (Todas las versiones < V9.64), SIPROTEC 5 7VK87 (CP200) (Todas las versiones), SIPROTEC 5 7VK87 (CP300 ) (Todas las versiones < V9.65), SIPROTEC 5 7VU85 (CP300) (Todas las versiones < V9.64), Módulo de comunicación SIPROTEC 5 ETH-BA-2EL (Rev.1) (Todas las versiones < V9.62 instaladas en CP150 y dispositivos CP300), módulo de comunicación SIPROTEC 5 ETH-BA-2EL (Rev.1) (todas las versiones instaladas en dispositivos CP200), módulo de comunicación SIPROTEC 5 ETH-BA-2EL (Rev.1) (todas las versiones < V8.89 instaladas en dispositivos CP100), Módulo de comunicación SIPROTEC 5 ETH-BB-2FO (Rev. 1) (Todas las versiones instaladas en dispositivos CP200), Módulo de comunicación SIPROTEC 5 ETH-BB-2FO (Rev. 1) (Todas las versiones < V9.62 instaladas en dispositivos CP150 y CP300), Módulo de comunicación SIPROTEC 5 ETH-BB-2FO ( Rev. 1) (Todas las versiones < V8.89 instaladas en dispositivos CP100), Mó A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.64), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.64), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.64), SIPROTEC 5 6MD89 (CP300) (All versions < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions < V9.64), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.64), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.65), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.65), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.65), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.65), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.65), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.65), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.65), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.65), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.65), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.65), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.65), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.65), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.65), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.65), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.65), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST85 (CP200) (All v • https://cert-portal.siemens.com/productcert/html/ssa-750499.html • CWE-326: Inadequate Encryption Strength •
CVSS: 7.5EPSS: 0%CPEs: 128EXPL: 0CVE-2023-28766
https://notcve.org/view.php?id=CVE-2023-28766
A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.40), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.40), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.40), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.40), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7ST85 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SX82 (CP150) (All versions < V9.40), SIPROTEC 5 7SX85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.40), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.40 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.40 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.40), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.40). Affected devices lack proper validation of http request parameters of the hosted web service. An unauthenticated remote attacker could send specially crafted packets that could cause denial of service condition of the target device. Se ha identificado una vulnerabilidad en SIPROTEC 5 6MD85 (CP300) (Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 6MD89 ( CP300) (Todas las versiones >= V7.80 < V9.60), SIPROTEC 5 6MU85 (CP300) (Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 7KE85 (CP300) (Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 7SA82 (CP100) (Todas las versiones), SIPROTEC 5 7SA82 (CP150) (Todas las versiones < V9.40), SIPROTEC 5 7SA86 (CP300) (Todas las versiones >= V7.80 < V9.40 ), SIPROTEC 5 7SA87 (CP300) (Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 7SD82 (CP100) (Todas las versiones), SIPROTEC 5 7SD82 (CP150) (Todas las versiones < V9.40), SIPROTEC 5 7SD86 (CP300) (Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 7SD87 (CP300) (Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 7SJ81 (CP100) (Todas las versiones), SIPROTEC 5 7SJ81 (CP150) (Todas las versiones < V9.40), SIPROTEC 5 7SJ82 (CP100) (Todas las versiones), SIPROTEC 5 7SJ82 (CP150) (Todas las versiones < V9.40), SIPROTEC 5 7SJ85 (CP300) (Todas las versiones > = V7.80 < V9.40), SIPROTEC 5 7SJ86 (CP300) (Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 7SK82 (CP100) (Todas las versiones), SIPROTEC 5 7SK82 (CP150) (Todas las versiones < V9.40), SIPROTEC 5 7SK85 (CP300) (Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 7SL82 (CP100) (Todas las versiones), SIPROTEC 5 7SL82 (CP150) (Todas las versiones < V9.40 ), SIPROTEC 5 7SL86 (CP300) (Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 7SL87 (CP300) (Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 7SS85 (CP300) (Todas versiones >= V7.80 < V9.40), SIPROTEC 5 7ST85 (CP300) (Todas las versiones >= V7.80 < V9.60), SIPROTEC 5 7ST86 (CP300) (Todas las versiones >= V7.80 < V9.40 ), SIPROTEC 5 7SX82 (CP150) (Todas las versiones < V9.40), SIPROTEC 5 7SX85 (CP300) (Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 7UM85 (CP300) (Todas las versiones >= V7. 80 < V9.40), SIPROTEC 5 7UT82 (CP100) (Todas las versiones), SIPROTEC 5 7UT82 (CP150) (Todas las versiones < V9.40), SIPROTEC 5 7UT85 (CP300) (Todas las versiones >= V7.80 < V9. 40), SIPROTEC 5 7UT86 (CP300) (Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 7UT87 (CP300) (Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 7VE85 (CP300) ( Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 7VK87 (CP300) (Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 7VU85 (CP300) (Todas las versiones >= V7.80 < V9. 40), SIPROTEC 5 Communication Module ETH-BA-2EL (todas las versiones < V9.40), SIPROTEC 5 Communication Module ETH-BB-2FO (todas las versiones < V9.40), SIPROTEC 5 Communication Module ETH-BD-2FO (todas versiones < V9.40), SIPROTEC 5 Compact 7SX800 (CP050) (Todas las versiones < V9.40). Los dispositivos afectados carecen de una validación adecuada de los parámetros de solicitud http del servicio web alojado. Un atacante remoto no autenticado podría enviar paquetes especialmente manipulados que podrían provocar una condición de denegación de servicio del dispositivo objetivo. • https://cert-portal.siemens.com/productcert/html/ssa-322980.html https://cert-portal.siemens.com/productcert/pdf/ssa-322980.pdf • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 120EXPL: 0CVE-2022-45044
https://notcve.org/view.php?id=CVE-2022-45044
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.50), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.50), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.50), SIPROTEC 5 6MD89 (CP300) (All versions < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions < V9.50), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.64), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.50), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.50), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.50), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.50), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.50), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.50), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.50), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.50), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.50), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.50), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.50), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.50), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions < V9.64), SIPROTEC 5 7SX82 (CP150) (All versions < V9.50), SIPROTEC 5 7SX85 (CP300) (All versions < V9.50), SIPROTEC 5 7UM85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.50), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.50), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.50), SIPROTEC 5 7VE85 (CP300) (All versions < V9.50), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.50), SIPROTEC 5 7VU85 (CP300) (All versions < V9.50), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.50), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.50). Affected devices do not properly restrict secure client-initiated renegotiations within the SSL and TLS protocols. This could allow an attacker to create a denial of service condition on the ports 443/tcp and 4443/tcp for the duration of the attack. Se ha identificado una vulnerabilidad en SIPROTEC 5 6MD84 (CP300) (versiones < V9.50), SIPROTEC 5 6MD85 (CP200) (Todas las versiones), SIPROTEC 5 6MD85 (CP300) (versiones < V9.50), SIPROTEC 5 6MD86 (CP200) (Todas las versiones), SIPROTEC 5 6MD86 (CP300) (versiones < V9.50), SIPROTEC 5 6MD89 (CP300) (versiones < V9.60), SIPROTEC 5 6MU85 (CP300) (versiones < V9. 50), SIPROTEC 5 7KE85 (CP200) (Todas las versiones), SIPROTEC 5 7KE85 (CP300) (versiones < V9.60), SIPROTEC 5 7SA82 (CP100) (Todas las versiones), SIPROTEC 5 7SA82 (CP150) (versiones < V9.50), SIPROTEC 5 7SA84 (CP200) (Todas las versiones), SIPROTEC 5 7SA86 (CP200) (Todas las versiones), SIPROTEC 5 7SA86 (CP300) (versiones < V9.50), SIPROTEC 5 7SA87 (CP200) (Todas las versiones), SIPROTEC 5 7SA87 (CP300) (versiones < V9.50), SIPROTEC 5 7SD82 (CP100) (Todas las versiones), SIPROTEC 5 7SD82 (CP150) (versiones < V9.50), SIPROTEC 5 7SD84 (CP200) (Todas las versiones), SIPROTEC 5 7SD86 (CP200) (Todas las versiones), SIPROTEC 5 7SD86 (CP300) (versiones < V9.50), SIPROTEC 5 7SD87 (CP200) (Todas las versiones), SIPROTEC 5 7SD87 (CP300) (versiones < V9.50), SIPROTEC 5 7SJ81 (CP100) (Todas las versiones), SIPROTEC 5 7SJ81 (CP150) (versiones < V9.50), SIPROTEC 5 7SJ82 (CP100) (Todas las versiones), SIPROTEC 5 7SJ82 (CP150) (versiones < V9.50), SIPROTEC 5 7SJ85 (CP200) (Todas las versiones), SIPROTEC 5 7SJ85 (CP300) (versiones < V9.50), SIPROTEC 5 7SJ86 (CP200) (Todas las versiones), SIPROTEC 5 7SJ86 ( CP300) (versiones < V9.50), SIPROTEC 5 7SK82 (CP100) (Todas las versiones), SIPROTEC 5 7SK82 (CP150) (versiones < V9.50), SIPROTEC 5 7SK85 (CP200) (Todas las versiones), SIPROTEC 5 7SK85 (CP300) (versiones < V9.50), SIPROTEC 5 7SL82 (CP100) (Todas las versiones), SIPROTEC 5 7SL82 (CP150) (versiones < V9.50), SIPROTEC 5 7SL86 (CP200) (Todas las versiones), SIPROTEC 5 7SL86 (CP300) (versiones < V9.50), SIPROTEC 5 7SL87 (CP200) (Todas las versiones), SIPROTEC 5 7SL87 (CP300) (versiones < V9.50), SIPROTEC 5 7SS85 (CP200) (Todas las versiones), SIPROTEC 5 7SS85 (CP300) (versiones < V9.50), SIPROTEC 5 7ST85 (CP200) (Todas las versiones), SIPROTEC 5 7ST85 (CP300) (versiones < V9.60), SIPROTEC 5 7ST86 (CP300) (versiones < V9.60), SIPROTEC 5 7SX82 (CP150) (versiones < V9.50), SIPROTEC 5 7SX85 (CP300) (versiones < V9.50), SIPROTEC 5 7UM85 (CP300) (versiones < V9. 50), SIPROTEC 5 7UT82 (CP100) (Todas las versiones), SIPROTEC 5 7UT82 (CP150) (versiones < V9.50), SIPROTEC 5 7UT85 (CP200) (Todas las versiones), SIPROTEC 5 7UT85 (CP300) (versiones < V9.50), SIPROTEC 5 7UT86 (CP200) (Todas las versiones), SIPROTEC 5 7UT86 (CP300) (versiones < V9.50), SIPROTEC 5 7UT87 (CP200) (Todas las versiones), SIPROTEC 5 7UT87 (CP300) (versiones < V9.50), SIPROTEC 5 7VE85 (CP300) (versiones < V9.50), SIPROTEC 5 7VK87 (CP200) (Todas las versiones), SIPROTEC 5 7VK87 (CP300) (versiones < V9.50), SIPROTEC 5 7VU85 (CP300) (versiones < V9.50), SIPROTEC 5 Communication Module ETH-BA-2EL (versiones < V9.50 instaladas en dispositivos CP150 y CP300), SIPROTEC 5 Communication Module ETH-BA-2EL (Todas las versiones instaladas en dispositivos CP100 y CP200), SIPROTEC 5 Communication Module ETH-BB-2FO (versiones < V9.50 instaladas en dispositivos CP150 y CP300), SIPROTEC 5 Communication Module ETH-BB-2FO (Todas las versiones instaladas en dispositivos CP100 y CP200) , SIPROTEC 5 Communication Module ETH-BD-2FO (versiones < V9.50), SIPROTEC 5 Compact 7SX800 (CP050) (versiones < V9.50). Los dispositivos afectados no restringen adecuadamente las renegociaciones seguras iniciadas por el cliente dentro de los protocolos SSL y TLS. Esto podría permitir a un atacante crear una condición de denegación de servicio en los puertos 443/tcp y 4443/tcp mientras dure el ataque. • https://cert-portal.siemens.com/productcert/html/ssa-552874.html https://cert-portal.siemens.com/productcert/pdf/ssa-552874.pdf • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-37206
https://notcve.org/view.php?id=CVE-2021-37206
A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Received webpackets are not properly processed. An unauthenticated remote attacker with access to any of the Ethernet interfaces could send specially crafted packets to force a restart of the target device. Se ha identificado una vulnerabilidad en los relés SIPROTEC 5 con variantes de CPUCP050 (Todas las versiones anteriores a V8.80), relés SIPROTEC 5 con variantes de CPUCP100 (Todas las versiones anteriores a V8.80), relés SIPROTEC 5 con variantes de CPUCP300 (Todas las versiones anteriores a V8.80). Los paquetes web recibidos no se procesan correctamente. • https://cert-portal.siemens.com/productcert/pdf/ssa-500748.pdf • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-33720
https://notcve.org/view.php?id=CVE-2021-33720
A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition. Se ha identificado una vulnerabilidad en los relés SIPROTEC 5 con variantes de CPU CP050 (Todas las versiones anteriores a V8.80), relés SIPROTEC 5 con variantes de CPU CP100 (Todas las versiones anteriores a V8.80), relés SIPROTEC 5 con variantes de CPU CP300 (Todas las versiones anteriores a V8.80). Los paquetes especialmente diseñados enviados al puerto 4443/tcp podrían causar una condición de denegación de servicio • https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •