CVE-2024-52504

Summary

A vulnerability has been identified in SIPROTEC 4 6MD61 (All versions), SIPROTEC 4 6MD63 (All versions), SIPROTEC 4 6MD66 (All versions), SIPROTEC 4 6MD665 (All versions), SIPROTEC 4 7SA522 (All versions), SIPROTEC 4 7SA6 (All versions < V4.78), SIPROTEC 4 7SD5 (All versions < V4.78), SIPROTEC 4 7SD610 (All versions < V4.78), SIPROTEC 4 7SJ61 (All versions), SIPROTEC 4 7SJ62 (All versions), SIPROTEC 4 7SJ63 (All versions), SIPROTEC 4 7SJ64 (All versions), SIPROTEC 4 7SJ66 (All versions), SIPROTEC 4 7SS52 (All versions), SIPROTEC 4 7ST6 (All versions), SIPROTEC 4 7UM61 (All versions), SIPROTEC 4 7UM62 (All versions), SIPROTEC 4 7UT612 (All versions), SIPROTEC 4 7UT613 (All versions), SIPROTEC 4 7UT63 (All versions), SIPROTEC 4 7VE6 (All versions), SIPROTEC 4 7VK61 (All versions), SIPROTEC 4 7VU683 (All versions), SIPROTEC 4 Compact 7RW80 (All versions), SIPROTEC 4 Compact 7SD80 (All versions), SIPROTEC 4 Compact 7SJ80 (All versions), SIPROTEC 4 Compact 7SJ81 (All versions), SIPROTEC 4 Compact 7SK80 (All versions), SIPROTEC 4 Compact 7SK81 (All versions). Affected devices do not properly handle interrupted operations of file transfer. This could allow an unauthenticated remote attacker to cause a denial of service condition. To restore normal operations, the devices need to be restarted.

Affected Software

VendorProductVersion RangeStatus
SiemensSIPROTEC 4 6MD610 < *affected
SiemensSIPROTEC 4 6MD630 < *affected
SiemensSIPROTEC 4 6MD660 < *affected
SiemensSIPROTEC 4 6MD6650 < *affected
SiemensSIPROTEC 4 7SA5220 < *affected
SiemensSIPROTEC 4 7SA60 < V4.78affected
SiemensSIPROTEC 4 7SD50 < V4.78affected
SiemensSIPROTEC 4 7SD6100 < V4.78affected
SiemensSIPROTEC 4 7SJ610 < *affected
SiemensSIPROTEC 4 7SJ620 < *affected
SiemensSIPROTEC 4 7SJ630 < *affected
SiemensSIPROTEC 4 7SJ640 < *affected
SiemensSIPROTEC 4 7SJ660 < *affected
SiemensSIPROTEC 4 7SS520 < *affected
SiemensSIPROTEC 4 7ST60 < *affected
SiemensSIPROTEC 4 7UM610 < *affected
SiemensSIPROTEC 4 7UM620 < *affected
SiemensSIPROTEC 4 7UT6120 < *affected
SiemensSIPROTEC 4 7UT6130 < *affected
SiemensSIPROTEC 4 7UT630 < *affected
SiemensSIPROTEC 4 7VE60 < *affected
SiemensSIPROTEC 4 7VK610 < *affected
SiemensSIPROTEC 4 7VU6830 < *affected
SiemensSIPROTEC 4 Compact 7RW800 < *affected
SiemensSIPROTEC 4 Compact 7SD800 < *affected
SiemensSIPROTEC 4 Compact 7SJ800 < *affected
SiemensSIPROTEC 4 Compact 7SJ810 < *affected
SiemensSIPROTEC 4 Compact 7SK800 < *affected
SiemensSIPROTEC 4 Compact 7SK810 < *affected

Weaknesses

  • CWE-754: CWE-754: Improper Check for Unusual or Exceptional Conditions

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References