CVE-2023-28766
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: productcert@siemens.com (Secondary)
Description
A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA82 (CP100) (All versions < V8.90), SIPROTEC 5 7SA82 (CP150) (All versions < V9.40), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD82 (CP100) (All versions < V8.90), SIPROTEC 5 7SD82 (CP150) (All versions < V9.40), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.40), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL82 (CP100) (All versions < V8.90), SIPROTEC 5 7SL82 (CP150) (All versions < V9.40), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7ST85 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SX82 (CP150) (All versions < V9.40), SIPROTEC 5 7SX85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT82 (CP100) (All versions < V8.90), SIPROTEC 5 7UT82 (CP150) (All versions < V9.40), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V9.40), 
SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V9.40 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V9.40 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.40), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.40). Affected devices lack proper validation of HTTP request parameters of the hosted web service.
An unauthenticated remote attacker could send specially crafted packets that could cause a denial of service condition of the target device.
Affected (63)
Products: Siemens: Siprotec 5 6md85 Firmware, Siprotec 5 6md86 Firmware, Siprotec 5 6md89 Firmware, Siprotec 5 6mu85 Firmware, Siprotec 5 7ke85 Firmware, Siprotec 5 7sa82 Firmware, Siprotec 5 7sa86 Firmware, Siprotec 5 7sa87 Firmware, Siprotec 5 7sd82 Firmware, Siprotec 5 7sd86 Firmware, Siprotec 5 7sd87 Firmware, Siprotec 5 7sj81 Firmware, Siprotec 5 7sj82 Firmware, Siprotec 5 7sj85 Firmware, Siprotec 5 7sj86 Firmware, Siprotec 5 7sk82 Firmware, Siprotec 5 7sk85 Firmware, Siprotec 5 7sl82 Firmware, Siprotec 5 7sl86 Firmware, Siprotec 5 7sl87 Firmware, Siprotec 5 7ss85 Firmware, Siprotec 5 7st85 Firmware, Siprotec 5 7sx85 Firmware, Siprotec 5 7um85 Firmware, Siprotec 5 7ut82 Firmware, Siprotec 5 7ut85 Firmware, Siprotec 5 7ut86 Firmware, Siprotec 5 7ut87 Firmware, Siprotec 5 7ve85 Firmware, Siprotec 5 7vk87 Firmware, Siprotec 5 Communication Module Ethba2el Firmware, Siprotec 5 Communication Module Ethbb2fo Firmware, Siprotec 5 Communication Module Ethbd2fo Firmware, Siprotec 5 Compact 7sx800 Firmware, Siprotec 5 7sa84 Firmware, Siprotec 5 7sd84 Firmware, Siprotec 5 7st86 Firmware, Siprotec 5 7sx82 Firmware, Siprotec 5 7vu85 Firmware
| Configuration | Vulnerable Software: Affected Versions | Running on/with | Platform Versions |
|---|---|---|---|
| Configuration A | All versions | Siemens Siprotec 5 6md85 | Version cp200 |
| Configuration B | Before 9.40 | Siemens Siprotec 5 6md85 | Version cp300 |
| Configuration C | All versions | Siemens Siprotec 5 6md86 | Version cp200 |
| Configuration D | Before 9.40 | Siemens Siprotec 5 6md86 | Version cp300 |
| Configuration E | All versions | Siemens Siprotec 5 6md89 | Version cp300 |
| Configuration F | Before 9.40 | Siemens Siprotec 5 6mu85 | Version cp300 |
| Configuration G | All versions | Siemens Siprotec 5 7ke85 | Version cp200 |
| Configuration H | Before 9.40 | Siemens Siprotec 5 7ke85 | Version cp300 |
| Configuration I | All versions | Siemens Siprotec 5 7sa82 | Version cp100 |
| Configuration J | Before 9.40 | Siemens Siprotec 5 7sa82 | Version cp150 |
| Configuration K | All versions | Siemens Siprotec 5 7sa86 | Version cp200 |
| Configuration L | Before 9.40 | Siemens Siprotec 5 7sa86 | Version cp300 |
| Configuration M | All versions | Siemens Siprotec 5 7sa87 | Version cp200 |
| Configuration N | Before 9.40 | Siemens Siprotec 5 7sa87 | Version cp300 |
| Configuration O | All versions | Siemens Siprotec 5 7sd82 | Version cp100 |
| Configuration P | Before 9.40 | Siemens Siprotec 5 7sd82 | Version cp150 |
| Configuration Q | All versions | Siemens Siprotec 5 7sd86 | Version cp200 |
| Configuration R | Before 9.40 | Siemens Siprotec 5 7sd86 | Version cp300 |
| Configuration S | All versions | Siemens Siprotec 5 7sd87 | Version cp200 |
| Configuration T | Before 9.40 | Siemens Siprotec 5 7sd87 | Version cp300 |
| Configuration U | All versions | Siemens Siprotec 5 7sj81 | Version cp100 |
| Configuration V | Before 9.40 | Siemens Siprotec 5 7sj81 | Version cp150 |
| Configuration W | All versions | Siemens Siprotec 5 7sj82 | Version cp100 |
| Configuration X | Before 9.40 | Siemens Siprotec 5 7sj82 | Version cp150 |
| Configuration Y | All versions | Siemens Siprotec 5 7sj85 | Version cp200 |
| Configuration Z | Before 9.40 | Siemens Siprotec 5 7sj85 | Version cp300 |
| Configuration A | All versions | Siemens Siprotec 5 7sj86 | Version cp200 |
| Configuration B | Before 9.40 | Siemens Siprotec 5 7sj86 | Version cp300 |
| Configuration C | All versions | Siemens Siprotec 5 7sk82 | Version cp100 |
| Configuration D | Before 9.40 | Siemens Siprotec 5 7sk82 | Version cp150 |
| Configuration E | All versions | Siemens Siprotec 5 7sk85 | Version cp200 |
| Configuration F | Before 9.40 | Siemens Siprotec 5 7sk85 | Version cp300 |
| Configuration G | All versions | Siemens Siprotec 5 7sl82 | Version cp100 |
| Configuration H | Before 9.40 | Siemens Siprotec 5 7sl82 | Version cp150 |
| Configuration I | All versions | Siemens Siprotec 5 7sl86 | Version cp200 |
| Configuration J | Before 9.40 | Siemens Siprotec 5 7sl86 | Version cp300 |
| Configuration K | All versions | Siemens Siprotec 5 7sl87 | Version cp200 |
| Configuration L | Before 9.40 | Siemens Siprotec 5 7sl87 | Version cp300 |
| Configuration M | All versions | Siemens Siprotec 5 7ss85 | Version cp200 |
| Configuration N | Before 9.40 | Siemens Siprotec 5 7ss85 | Version cp300 |
| Configuration O | | Siemens Siprotec 5 7st85 | Version cp200 |
| Configuration P | All versions | Siemens Siprotec 5 7st85 | Version cp300 |
| Configuration Q | Before 9.40 | Siemens Siprotec 5 7sx85 | Version cp300 |
| Configuration R | Before 9.40 | Siemens Siprotec 5 7um85 | Version cp300 |
| Configuration S | All versions | Siemens Siprotec 5 7ut82 | Version cp100 |
| Configuration T | Before 9.40 | Siemens Siprotec 5 7ut82 | Version cp150 |
| Configuration U | All versions | Siemens Siprotec 5 7ut85 | Version cp200 |
| Configuration V | Before 9.40 | Siemens Siprotec 5 7ut85 | Version cp300 |
| Configuration W | All versions | Siemens Siprotec 5 7ut86 | Version cp200 |
| Configuration X | Before 9.40 | Siemens Siprotec 5 7ut86 | Version cp300 |
| Configuration Y | All versions | Siemens Siprotec 5 7ut87 | Version cp200 |
| Configuration Z | Before 9.40 | Siemens Siprotec 5 7ut87 | Version cp300 |
| Configuration A | Before 9.40 | Siemens Siprotec 5 7ve85 | Version cp300 |
| Configuration B | All versions | Siemens Siprotec 5 7vk87 | Version cp200 |
| Configuration C | Before 9.40 | Siemens Siprotec 5 7vk87 | Version cp300 |
| Configuration D | Before 9.40 | Siemens Siprotec 5 Communication Module Ethba2el | All versions |
| Configuration E | Before 9.40 | Siemens Siprotec 5 Communication Module Ethbb2fo | All versions |
| Configuration F | Before 9.40 | Siemens Siprotec 5 Communication Module Ethbd2fo | All versions |
| Configuration G | Before 9.40 | Siemens Siprotec 5 Compact 7sx800 | Version cp050 |
| Configuration H | All versions | Siemens Siprotec 5 7sa84 | Version cp200 |
| Configuration I | All versions | Siemens Siprotec 5 7sd84 | Version cp200 |
| Configuration J | All versions | Siemens Siprotec 5 7st86 | Version cp300 |
| Configuration K | Before 9.40 | Siemens Siprotec 5 7sx82 | Version cp150 |
| Configuration L | Before 9.40 | Siemens Siprotec 5 7vu85 | Version cp300 |