CVE-2022-45044
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD (Secondary)
Description
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.50), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.50), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.50), SIPROTEC 5 6MD89 (CP300) (All versions < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions < V9.50), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.64), SIPROTEC 5 7SA82 (CP100) (All versions < V8.90), SIPROTEC 5 7SA82 (CP150) (All versions < V9.50), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.50), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.50), SIPROTEC 5 7SD82 (CP100) (All versions < V8.90), SIPROTEC 5 7SD82 (CP150) (All versions < V9.50), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.50), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.50), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.50), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.50), SIPROTEC 5 7SL82 (CP100) (All versions < V8.90), SIPROTEC 5 7SL82 (CP150) (All versions < V9.50), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.50), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.50), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.50), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions < V9.64), SIPROTEC 5 7SX82 (CP150) (All versions < V9.50), SIPROTEC 5 7SX85 (CP300) (All versions < V9.50), SIPROTEC 5 7UM85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT82 (CP100) (All versions < V8.90), SIPROTEC 5 7UT82 (CP150) (All versions < V9.50), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.50), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.50), SIPROTEC 5 7VE85 (CP300) (All versions < V9.50), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.50), SIPROTEC 5 7VU85 (CP300) (All versions < V9.50), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.50), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.50). Affected devices do not properly restrict secure client-initiated renegotiations within the SSL and TLS protocols. This could allow an attacker to create a denial of service condition on the ports 443/tcp and 4443/tcp for the duration of the attack.
Affected (34)
Products: Siemens: Siprotec 5 6md85 Firmware, Siprotec 5 6md86 Firmware, Siprotec 5 6md89 Firmware, Siprotec 5 6mu85 Firmware, Siprotec 5 7ke85 Firmware, Siprotec 5 7sa82 Firmware, Siprotec 5 7sa86 Firmware, Siprotec 5 7sa87 Firmware, Siprotec 5 7sd82 Firmware, Siprotec 5 7sd86 Firmware, Siprotec 5 7sd87 Firmware, Siprotec 5 7sj81 Firmware, Siprotec 5 7sj82 Firmware, Siprotec 5 7sj85 Firmware, Siprotec 5 7sj86 Firmware, Siprotec 5 7sk82 Firmware, Siprotec 5 7sk85 Firmware, Siprotec 5 7sl82 Firmware, Siprotec 5 7sl86 Firmware, Siprotec 5 7sl87 Firmware, Siprotec 5 7ss85 Firmware, Siprotec 5 7st85 Firmware, Siprotec 5 7sx85 Firmware, Siprotec 5 7um85 Firmware, Siprotec 5 7ut82 Firmware, Siprotec 5 7ut85 Firmware, Siprotec 5 7ut86 Firmware, Siprotec 5 7ut87 Firmware, Siprotec 5 7ve85 Firmware, Siprotec 5 7vk87 Firmware, Siprotec 5 Communication Module Ethba2el Firmware, Siprotec 5 Communication Module Ethbb2fo Firmware, Siprotec 5 Communication Module Ethbd2fo Firmware, Siprotec 5 Compact 7sx800 Firmware
Configuration A
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 6md85 | Version cp200 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 6md85 | Version cp300 |
Configuration C
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 6md86 | Version cp200 |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 6md86 | Version cp300 |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 6md89 | Version cp300 |
Configuration F
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 6mu85 | Version cp200 |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 6mu85 | Version cp300 |
Configuration H
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7ke85 | Version cp200 |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7ke85 | Version cp300 |
Configuration J
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sa82 | Version cp100 |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sa82 | Version cp150 |
Configuration L
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sa86 | Version cp200 |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sa86 | Version cp300 |
Configuration N
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sa87 | Version cp200 |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sa87 | Version cp300 |
Configuration P
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sd82 | Version cp100 |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sd82 | Version cp150 |
Configuration R
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sd86 | Version cp200 |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sd86 | Version cp300 |
Configuration T
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sd87 | Version cp200 |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sd87 | Version cp300 |
Configuration V
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sj81 | Version cp100 |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sj81 | Version cp150 |
Configuration X
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sj82 | Version cp100 |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sj82 | Version cp150 |
Configuration Z
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sj85 | Version cp200 |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sj85 | Version cp300 |
Configuration B
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sj86 | Version cp200 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sj86 | Version cp300 |
Configuration D
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sk82 | Version cp100 |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sk82 | Version cp150 |
Configuration F
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sk85 | Version cp200 |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sk85 | Version cp300 |
Configuration H
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sl82 | Version cp100 |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sl82 | Version cp150 |
Configuration J
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sl86 | Version cp200 |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sl86 | Version cp300 |
Configuration L
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sl87 | Version cp200 |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sl87 | Version cp300 |
Configuration N
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7ss85 | Version cp200 |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7ss85 | Version cp300 |
Configuration P
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7st85 | Version cp200 |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7st85 | Version cp300 |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7sx85 | Version cp300 |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7um85 | Version cp300 |
Configuration T
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7ut82 | Version cp100 |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7ut82 | Version cp150 |
Configuration V
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7ut85 | Version cp200 |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7ut85 | Version cp300 |
Configuration X
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7ut86 | Version cp200 |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7ut86 | Version cp300 |
Configuration Z
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7ut87 | Version cp200 |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7ut87 | Version cp300 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7ve85 | Version cp300 |
Configuration C
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7vk87 | Version cp200 |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 7vk87 | Version cp300 |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 Communication Module Ethba2el | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 Communication Module Ethbb2fo | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 Communication Module Ethbd2fo | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
| Running on/with | Platform Versions |
|---|---|
Siemens Siprotec 5 Compact 7sx800 | Version cp050 |
References (4)
Source: productcert@siemens.com
Source: productcert@siemens.com
MitigationVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
MitigationVendor Advisory
Timeline
No history available yet.