CVE-2024-38867
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.64), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.64), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.64), SIPROTEC 5 6MD89 (CP300) (All versions < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions < V9.64), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.64), SIPROTEC 5 7SA82 (CP100) (All versions < V8.90), SIPROTEC 5 7SA82 (CP150) (All versions < V9.65), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.65), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.65), SIPROTEC 5 7SD82 (CP100) (All versions < V8.90), SIPROTEC 5 7SD82 (CP150) (All versions < V9.65), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.65), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.65), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.65), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.65), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.65), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.65), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.65), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.65), SIPROTEC 5 7SL82 (CP100) (All versions < V8.90), SIPROTEC 5 7SL82 (CP150) (All versions < V9.65), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.65), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.65), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions < V9.64), SIPROTEC 5 7SX82 (CP150) (All versions < V9.65), SIPROTEC 5 7SX85 (CP300) (All versions < V9.65), SIPROTEC 5 7UM85 (CP300) (All versions < V9.64), SIPROTEC 5 7UT82 (CP100) (All versions < V8.90), SIPROTEC 5 7UT82 (CP150) (All versions < V9.65), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.65), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.65), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.65), SIPROTEC 5 7VE85 (CP300) (All versions < V9.64), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.65), SIPROTEC 5 7VU85 (CP300) (All versions < V9.64), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V9.62 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V9.62 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.62), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.64). The affected devices are supporting weak ciphers on several ports (443/tcp for web, 4443/tcp for DIGSI 5 and configurable port for syslog over TLS). This could allow an unauthorized attacker in a man-in-the-middle position to decrypt any data passed over to and from those ports.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | SIPROTEC 5 6MD84 (CP300) | 0 < V9.64 | affected |
| Siemens | SIPROTEC 5 6MD85 (CP200) | 0 < * | affected |
| Siemens | SIPROTEC 5 6MD85 (CP300) | 0 < V9.64 | affected |
| Siemens | SIPROTEC 5 6MD86 (CP200) | 0 < * | affected |
| Siemens | SIPROTEC 5 6MD86 (CP300) | 0 < V9.64 | affected |
| Siemens | SIPROTEC 5 6MD89 (CP300) | 0 < V9.64 | affected |
| Siemens | SIPROTEC 5 6MU85 (CP300) | 0 < V9.64 | affected |
| Siemens | SIPROTEC 5 7KE85 (CP200) | 0 < * | affected |
| Siemens | SIPROTEC 5 7KE85 (CP300) | 0 < V9.64 | affected |
| Siemens | SIPROTEC 5 7SA82 (CP100) | 0 < V8.90 | affected |
| Siemens | SIPROTEC 5 7SA82 (CP150) | 0 < V9.65 | affected |
| Siemens | SIPROTEC 5 7SA84 (CP200) | 0 < * | affected |
| Siemens | SIPROTEC 5 7SA86 (CP200) | 0 < * | affected |
| Siemens | SIPROTEC 5 7SA86 (CP300) | 0 < V9.65 | affected |
| Siemens | SIPROTEC 5 7SA87 (CP200) | 0 < * | affected |
| Siemens | SIPROTEC 5 7SA87 (CP300) | 0 < V9.65 | affected |
| Siemens | SIPROTEC 5 7SD82 (CP100) | 0 < V8.90 | affected |
| Siemens | SIPROTEC 5 7SD82 (CP150) | 0 < V9.65 | affected |
| Siemens | SIPROTEC 5 7SD84 (CP200) | 0 < * | affected |
| Siemens | SIPROTEC 5 7SD86 (CP200) | 0 < * | affected |
| Siemens | SIPROTEC 5 7SD86 (CP300) | 0 < V9.65 | affected |
| Siemens | SIPROTEC 5 7SD87 (CP200) | 0 < * | affected |
| Siemens | SIPROTEC 5 7SD87 (CP300) | 0 < V9.65 | affected |
| Siemens | SIPROTEC 5 7SJ81 (CP100) | 0 < V8.89 | affected |
| Siemens | SIPROTEC 5 7SJ81 (CP150) | 0 < V9.65 | affected |
| Siemens | SIPROTEC 5 7SJ82 (CP100) | 0 < V8.89 | affected |
| Siemens | SIPROTEC 5 7SJ82 (CP150) | 0 < V9.65 | affected |
| Siemens | SIPROTEC 5 7SJ85 (CP200) | 0 < * | affected |
| Siemens | SIPROTEC 5 7SJ85 (CP300) | 0 < V9.65 | affected |
| Siemens | SIPROTEC 5 7SJ86 (CP200) | 0 < * | affected |
| Siemens | SIPROTEC 5 7SJ86 (CP300) | 0 < V9.65 | affected |
| Siemens | SIPROTEC 5 7SK82 (CP100) | 0 < V8.89 | affected |
| Siemens | SIPROTEC 5 7SK82 (CP150) | 0 < V9.65 | affected |
| Siemens | SIPROTEC 5 7SK85 (CP200) | 0 < * | affected |
| Siemens | SIPROTEC 5 7SK85 (CP300) | 0 < V9.65 | affected |
| Siemens | SIPROTEC 5 7SL82 (CP100) | 0 < V8.90 | affected |
| Siemens | SIPROTEC 5 7SL82 (CP150) | 0 < V9.65 | affected |
| Siemens | SIPROTEC 5 7SL86 (CP200) | 0 < * | affected |
| Siemens | SIPROTEC 5 7SL86 (CP300) | 0 < V9.65 | affected |
| Siemens | SIPROTEC 5 7SL87 (CP200) | 0 < * | affected |
| Siemens | SIPROTEC 5 7SL87 (CP300) | 0 < V9.65 | affected |
| Siemens | SIPROTEC 5 7SS85 (CP200) | 0 < * | affected |
| Siemens | SIPROTEC 5 7SS85 (CP300) | 0 < V9.64 | affected |
| Siemens | SIPROTEC 5 7ST85 (CP200) | 0 < * | affected |
| Siemens | SIPROTEC 5 7ST85 (CP300) | 0 < V9.64 | affected |
| Siemens | SIPROTEC 5 7ST86 (CP300) | 0 < V9.64 | affected |
| Siemens | SIPROTEC 5 7SX82 (CP150) | 0 < V9.65 | affected |
| Siemens | SIPROTEC 5 7SX85 (CP300) | 0 < V9.65 | affected |
| Siemens | SIPROTEC 5 7UM85 (CP300) | 0 < V9.64 | affected |
| Siemens | SIPROTEC 5 7UT82 (CP100) | 0 < V8.90 | affected |
| Siemens | SIPROTEC 5 7UT82 (CP150) | 0 < V9.65 | affected |
| Siemens | SIPROTEC 5 7UT85 (CP200) | 0 < * | affected |
| Siemens | SIPROTEC 5 7UT85 (CP300) | 0 < V9.65 | affected |
| Siemens | SIPROTEC 5 7UT86 (CP200) | 0 < * | affected |
| Siemens | SIPROTEC 5 7UT86 (CP300) | 0 < V9.65 | affected |
| Siemens | SIPROTEC 5 7UT87 (CP200) | 0 < * | affected |
| Siemens | SIPROTEC 5 7UT87 (CP300) | 0 < V9.65 | affected |
| Siemens | SIPROTEC 5 7VE85 (CP300) | 0 < V9.64 | affected |
| Siemens | SIPROTEC 5 7VK87 (CP200) | 0 < * | affected |
| Siemens | SIPROTEC 5 7VK87 (CP300) | 0 < V9.65 | affected |
| Siemens | SIPROTEC 5 7VU85 (CP300) | 0 < V9.64 | affected |
| Siemens | SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) | 0 < V9.62 | affected |
| Siemens | SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) | 0 < * | affected |
| Siemens | SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) | 0 < V8.89 | affected |
| Siemens | SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) | 0 < * | affected |
| Siemens | SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) | 0 < V9.62 | affected |
| Siemens | SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) | 0 < V8.89 | affected |
| Siemens | SIPROTEC 5 Communication Module ETH-BD-2FO | 0 < V9.62 | affected |
| Siemens | SIPROTEC 5 Compact 7SX800 (CP050) | 0 < V9.64 | affected |
Weaknesses
- CWE-326: CWE-326: Inadequate Encryption Strength
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.