CVE-2024-38867
https://notcve.org/view.php?id=CVE-2024-38867
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.64), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.64), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.64), SIPROTEC 5 6MD89 (CP300) (All versions < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions < V9.64), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.64), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.65), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.65), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.65), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.65), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.65), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.65), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.65), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.65), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.65), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.65), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.65), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.65), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.65), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.65), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.65), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions < V9.64), SIPROTEC 5 7SX82 (CP150) (All versions < V9.65), SIPROTEC 5 7SX85 (CP300) (All versions < V9.65), SIPROTEC 5 7UM85 (CP300) (All versions < V9.64), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.65), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.65), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.65), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.65), SIPROTEC 5 7VE85 (CP300) (All versions < V9.64), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.65), SIPROTEC 5 7VU85 (CP300) (All versions < V9.64), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V9.62 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V9.62 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.62), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.64). The affected devices are supporting weak ciphers on several ports (443/tcp for web, 4443/tcp for DIGSI 5 and configurable port for syslog over TLS). This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over to and from those ports. Se ha identificado una vulnerabilidad en SIPROTEC 5 6MD84 (CP300) (Todas las versiones < V9.64), SIPROTEC 5 6MD85 (CP200) (Todas las versiones), SIPROTEC 5 6MD85 (CP300) (Todas las versiones < V9.64), SIPROTEC 5 6MD86 (CP200) (Todas las versiones), SIPROTEC 5 6MD86 (CP300) (Todas las versiones < V9.64), SIPROTEC 5 6MD89 (CP300) (Todas las versiones < V9.64), SIPROTEC 5 6MU85 (CP300) (Todas las versiones < V9. 64), SIPROTEC 5 7KE85 (CP200) (Todas las versiones), SIPROTEC 5 7KE85 (CP300) (Todas las versiones < V9.64), SIPROTEC 5 7SA82 (CP100) (Todas las versiones), SIPROTEC 5 7SA82 (CP150) (Todas las versiones < V9.65), SIPROTEC 5 7SA84 (CP200) (Todas las versiones), SIPROTEC 5 7SA86 (CP200) (Todas las versiones), SIPROTEC 5 7SA86 (CP300) (Todas las versiones < V9.65), SIPROTEC 5 7SA87 (CP200) (Todas versiones), SIPROTEC 5 7SA87 (CP300) (Todas las versiones < V9.65), SIPROTEC 5 7SD82 (CP100) (Todas las versiones), SIPROTEC 5 7SD82 (CP150) (Todas las versiones < V9.65), SIPROTEC 5 7SD84 (CP200) (Todas las versiones), SIPROTEC 5 7SD86 (CP200) (Todas las versiones), SIPROTEC 5 7SD86 (CP300) (Todas las versiones < V9.65), SIPROTEC 5 7SD87 (CP200) (Todas las versiones), SIPROTEC 5 7SD87 (CP300) (Todas versiones < V9.65), SIPROTEC 5 7SJ81 (CP100) (Todas las versiones < V8.89), SIPROTEC 5 7SJ81 (CP150) (Todas las versiones < V9.65), SIPROTEC 5 7SJ82 (CP100) (Todas las versiones < V8.89 ), SIPROTEC 5 7SJ82 (CP150) (Todas las versiones < V9.65), SIPROTEC 5 7SJ85 (CP200) (Todas las versiones), SIPROTEC 5 7SJ85 (CP300) (Todas las versiones < V9.65), SIPROTEC 5 7SJ86 (CP200) ( Todas las versiones), SIPROTEC 5 7SJ86 (CP300) (Todas las versiones < V9.65), SIPROTEC 5 7SK82 (CP100) (Todas las versiones < V8.89), SIPROTEC 5 7SK82 (CP150) (Todas las versiones < V9.65), SIPROTEC 5 7SK85 (CP200) (Todas las versiones), SIPROTEC 5 7SK85 (CP300) (Todas las versiones < V9.65), SIPROTEC 5 7SL82 (CP100) (Todas las versiones), SIPROTEC 5 7SL82 (CP150) (Todas las versiones < V9.65) , SIPROTEC 5 7SL86 (CP200) (Todas las versiones), SIPROTEC 5 7SL86 (CP300) (Todas las versiones < V9.65), SIPROTEC 5 7SL87 (CP200) (Todas las versiones), SIPROTEC 5 7SL87 (CP300) (Todas las versiones < V9. 65), SIPROTEC 5 7SS85 (CP200) (Todas las versiones), SIPROTEC 5 7SS85 (CP300) (Todas las versiones < V9.64), SIPROTEC 5 7ST85 (CP200) (Todas las versiones), SIPROTEC 5 7ST85 (CP300) (Todas las versiones < V9.64), SIPROTEC 5 7ST86 (CP300) (Todas las versiones < V9.64), SIPROTEC 5 7SX82 (CP150) (Todas las versiones < V9.65), SIPROTEC 5 7SX85 (CP300) (Todas las versiones < V9.65), SIPROTEC 5 7UM85 (CP300) (Todas las versiones < V9.64), SIPROTEC 5 7UT82 (CP100) (Todas las versiones), SIPROTEC 5 7UT82 (CP150) (Todas las versiones < V9.65), SIPROTEC 5 7UT85 (CP200) (Todas las versiones ), SIPROTEC 5 7UT85 (CP300) (Todas las versiones < V9.65), SIPROTEC 5 7UT86 (CP200) (Todas las versiones), SIPROTEC 5 7UT86 (CP300) (Todas las versiones < V9.65), SIPROTEC 5 7UT87 (CP200) ( Todas las versiones), SIPROTEC 5 7UT87 (CP300) (Todas las versiones < V9.65), SIPROTEC 5 7VE85 (CP300) (Todas las versiones < V9.64), SIPROTEC 5 7VK87 (CP200) (Todas las versiones), SIPROTEC 5 7VK87 (CP300 ) (Todas las versiones < V9.65), SIPROTEC 5 7VU85 (CP300) (Todas las versiones < V9.64), Módulo de comunicación SIPROTEC 5 ETH-BA-2EL (Rev.1) (Todas las versiones < V9.62 instaladas en CP150 y dispositivos CP300), módulo de comunicación SIPROTEC 5 ETH-BA-2EL (Rev.1) (todas las versiones instaladas en dispositivos CP200), módulo de comunicación SIPROTEC 5 ETH-BA-2EL (Rev.1) (todas las versiones < V8.89 instaladas en dispositivos CP100), Módulo de comunicación SIPROTEC 5 ETH-BB-2FO (Rev. 1) (Todas las versiones instaladas en dispositivos CP200), Módulo de comunicación SIPROTEC 5 ETH-BB-2FO (Rev. 1) (Todas las versiones < V9.62 instaladas en dispositivos CP150 y CP300), Módulo de comunicación SIPROTEC 5 ETH-BB-2FO ( Rev. 1) (Todas las versiones < V8.89 instaladas en dispositivos CP100), Mó A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.64), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.64), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.64), SIPROTEC 5 6MD89 (CP300) (All versions < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions < V9.64), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.64), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.65), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.65), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.65), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.65), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.65), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.65), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.65), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.65), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.65), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.65), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.65), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.65), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.65), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.65), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.65), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST85 (CP200) (All v • https://cert-portal.siemens.com/productcert/html/ssa-750499.html • CWE-326: Inadequate Encryption Strength •
CVE-2023-28766
https://notcve.org/view.php?id=CVE-2023-28766
A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.40), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.40), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.40), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.40), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7ST85 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SX82 (CP150) (All versions < V9.40), SIPROTEC 5 7SX85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.40), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.40 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.40 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.40), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.40). Affected devices lack proper validation of http request parameters of the hosted web service. An unauthenticated remote attacker could send specially crafted packets that could cause denial of service condition of the target device. Se ha identificado una vulnerabilidad en SIPROTEC 5 6MD85 (CP300) (Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 6MD89 ( CP300) (Todas las versiones >= V7.80 < V9.60), SIPROTEC 5 6MU85 (CP300) (Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 7KE85 (CP300) (Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 7SA82 (CP100) (Todas las versiones), SIPROTEC 5 7SA82 (CP150) (Todas las versiones < V9.40), SIPROTEC 5 7SA86 (CP300) (Todas las versiones >= V7.80 < V9.40 ), SIPROTEC 5 7SA87 (CP300) (Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 7SD82 (CP100) (Todas las versiones), SIPROTEC 5 7SD82 (CP150) (Todas las versiones < V9.40), SIPROTEC 5 7SD86 (CP300) (Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 7SD87 (CP300) (Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 7SJ81 (CP100) (Todas las versiones), SIPROTEC 5 7SJ81 (CP150) (Todas las versiones < V9.40), SIPROTEC 5 7SJ82 (CP100) (Todas las versiones), SIPROTEC 5 7SJ82 (CP150) (Todas las versiones < V9.40), SIPROTEC 5 7SJ85 (CP300) (Todas las versiones > = V7.80 < V9.40), SIPROTEC 5 7SJ86 (CP300) (Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 7SK82 (CP100) (Todas las versiones), SIPROTEC 5 7SK82 (CP150) (Todas las versiones < V9.40), SIPROTEC 5 7SK85 (CP300) (Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 7SL82 (CP100) (Todas las versiones), SIPROTEC 5 7SL82 (CP150) (Todas las versiones < V9.40 ), SIPROTEC 5 7SL86 (CP300) (Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 7SL87 (CP300) (Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 7SS85 (CP300) (Todas versiones >= V7.80 < V9.40), SIPROTEC 5 7ST85 (CP300) (Todas las versiones >= V7.80 < V9.60), SIPROTEC 5 7ST86 (CP300) (Todas las versiones >= V7.80 < V9.40 ), SIPROTEC 5 7SX82 (CP150) (Todas las versiones < V9.40), SIPROTEC 5 7SX85 (CP300) (Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 7UM85 (CP300) (Todas las versiones >= V7. 80 < V9.40), SIPROTEC 5 7UT82 (CP100) (Todas las versiones), SIPROTEC 5 7UT82 (CP150) (Todas las versiones < V9.40), SIPROTEC 5 7UT85 (CP300) (Todas las versiones >= V7.80 < V9. 40), SIPROTEC 5 7UT86 (CP300) (Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 7UT87 (CP300) (Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 7VE85 (CP300) ( Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 7VK87 (CP300) (Todas las versiones >= V7.80 < V9.40), SIPROTEC 5 7VU85 (CP300) (Todas las versiones >= V7.80 < V9. 40), SIPROTEC 5 Communication Module ETH-BA-2EL (todas las versiones < V9.40), SIPROTEC 5 Communication Module ETH-BB-2FO (todas las versiones < V9.40), SIPROTEC 5 Communication Module ETH-BD-2FO (todas versiones < V9.40), SIPROTEC 5 Compact 7SX800 (CP050) (Todas las versiones < V9.40). Los dispositivos afectados carecen de una validación adecuada de los parámetros de solicitud http del servicio web alojado. Un atacante remoto no autenticado podría enviar paquetes especialmente manipulados que podrían provocar una condición de denegación de servicio del dispositivo objetivo. • https://cert-portal.siemens.com/productcert/html/ssa-322980.html https://cert-portal.siemens.com/productcert/pdf/ssa-322980.pdf • CWE-476: NULL Pointer Dereference •