As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
- CVSS v4 7.0
- ATTENTION: Low attack complexity
- Vendor: Siemens
- Equipment: SIPROTEC 5
- Vulnerability: Active Debug Code
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an unauthenticated attacker with physical access to an affected device to execute arbitrary commands on the device.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens reports that the following products are affected:
- Siemens SIPROTEC 5 7SK85 (CP300): All versions prior to V9.90
- Siemens SIPROTEC 5 7SJ81 (CP100): All versions
- Siemens SIPROTEC 5 7SL86 (CP300): All versions prior to V9.90
- Siemens SIPROTEC 5 7SL86 (CP200): All versions
- Siemens SIPROTEC 5 7SJ86 (CP300): All versions prior to V9.90
- Siemens SIPROTEC 5 7SK82 (CP100): All versions
- Siemens SIPROTEC 5 6MD84 (CP300): All versions prior to V9.90
- Siemens SIPROTEC 5 7SA87 (CP200): All versions
- Siemens SIPROTEC 5 7ST85 (CP300): All versions
- Siemens SIPROTEC 5 7SD87 (CP200): All versions
- Siemens SIPROTEC 5 7UT87 (CP300): All versions prior to V9.90
- Siemens SIPROTEC 5 6MD89 (CP300): All versions prior to V9.90
- Siemens SIPROTEC 5 7SD82 (CP100): All versions
- Sie
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.This article has been indexed from All CISA AdvisoriesRead the original article: