CVE-2024-54017
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V11.0), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SA82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SA82 (CP150) (All versions < V11.0), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SD82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SD82 (CP150) (All versions < V11.0), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SJ81 (CP100) (All versions >= V7.80), SIPROTEC 5 7SJ81 (CP150) (All versions < V11.0), SIPROTEC 5 7SJ82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SJ82 (CP150) (All versions < V11.0), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SK82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SK82 (CP150) (All versions < V11.0), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SL82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SL82 (CP150) (All versions < V11.0), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7ST86 (CP300) (All versions < V11.0), SIPROTEC 5 7SX82 (CP150) (All versions < V11.0), SIPROTEC 5 7SX85 (CP300) (All versions < V11.0), SIPROTEC 5 7SY82 (CP150) (All versions < V11.0), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7UT82 (CP100) (All versions >= V7.80), SIPROTEC 5 7UT82 (CP150) (All versions < V11.0), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7VU85 (CP300) (All versions < V11.0), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V11.0). Affected devices do not use sufficiently random values to create session identifiers. This could allow an unauthenticated remote attacker to brute force a session identifier and gain read access to limited information from the web server without authorization.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | SIPROTEC 5 6MD84 (CP300) | 0 < V11.0 | affected |
| Siemens | SIPROTEC 5 6MD85 (CP200) | 0 < * | unaffected |
| Siemens | SIPROTEC 5 6MD85 (CP300) | V7.80 < V11.0 | affected |
| Siemens | SIPROTEC 5 6MD86 (CP200) | 0 < * | unaffected |
| Siemens | SIPROTEC 5 6MD86 (CP300) | V7.80 < V11.0 | affected |
| Siemens | SIPROTEC 5 6MD89 (CP300) | V7.80 < V11.0 | affected |
| Siemens | SIPROTEC 5 6MU85 (CP300) | V7.80 < V11.0 | affected |
| Siemens | SIPROTEC 5 7KE85 (CP200) | 0 < * | unaffected |
| Siemens | SIPROTEC 5 7KE85 (CP300) | V7.80 < V11.0 | affected |
| Siemens | SIPROTEC 5 7SA82 (CP100) | V7.80 < * | affected |
| Siemens | SIPROTEC 5 7SA82 (CP150) | 0 < V11.0 | affected |
| Siemens | SIPROTEC 5 7SA84 (CP200) | 0 < * | unaffected |
| Siemens | SIPROTEC 5 7SA86 (CP200) | 0 < * | unaffected |
| Siemens | SIPROTEC 5 7SA86 (CP300) | V7.80 < V11.0 | affected |
| Siemens | SIPROTEC 5 7SA87 (CP200) | 0 < * | unaffected |
| Siemens | SIPROTEC 5 7SA87 (CP300) | V7.80 < V11.0 | affected |
| Siemens | SIPROTEC 5 7SD82 (CP100) | V7.80 < * | affected |
| Siemens | SIPROTEC 5 7SD82 (CP150) | 0 < V11.0 | affected |
| Siemens | SIPROTEC 5 7SD84 (CP200) | 0 < * | unaffected |
| Siemens | SIPROTEC 5 7SD86 (CP200) | 0 < * | unaffected |
| Siemens | SIPROTEC 5 7SD86 (CP300) | V7.80 < V11.0 | affected |
| Siemens | SIPROTEC 5 7SD87 (CP200) | 0 < * | unaffected |
| Siemens | SIPROTEC 5 7SD87 (CP300) | V7.80 < V11.0 | affected |
| Siemens | SIPROTEC 5 7SJ81 (CP100) | V7.80 < * | affected |
| Siemens | SIPROTEC 5 7SJ81 (CP150) | 0 < V11.0 | affected |
| Siemens | SIPROTEC 5 7SJ82 (CP100) | V7.80 < * | affected |
| Siemens | SIPROTEC 5 7SJ82 (CP150) | 0 < V11.0 | affected |
| Siemens | SIPROTEC 5 7SJ85 (CP200) | 0 < * | unaffected |
| Siemens | SIPROTEC 5 7SJ85 (CP300) | V7.80 < V11.0 | affected |
| Siemens | SIPROTEC 5 7SJ86 (CP200) | 0 < * | unaffected |
| Siemens | SIPROTEC 5 7SJ86 (CP300) | V7.80 < V11.0 | affected |
| Siemens | SIPROTEC 5 7SK82 (CP100) | V7.80 < * | affected |
| Siemens | SIPROTEC 5 7SK82 (CP150) | 0 < V11.0 | affected |
| Siemens | SIPROTEC 5 7SK85 (CP200) | 0 < * | unaffected |
| Siemens | SIPROTEC 5 7SK85 (CP300) | V7.80 < V11.0 | affected |
| Siemens | SIPROTEC 5 7SL82 (CP100) | V7.80 < * | affected |
| Siemens | SIPROTEC 5 7SL82 (CP150) | 0 < V11.0 | affected |
| Siemens | SIPROTEC 5 7SL86 (CP200) | 0 < * | unaffected |
| Siemens | SIPROTEC 5 7SL86 (CP300) | V7.80 < V11.0 | affected |
| Siemens | SIPROTEC 5 7SL87 (CP200) | 0 < * | unaffected |
| Siemens | SIPROTEC 5 7SL87 (CP300) | V7.80 < V11.0 | affected |
| Siemens | SIPROTEC 5 7SS85 (CP200) | 0 < * | unaffected |
| Siemens | SIPROTEC 5 7SS85 (CP300) | V7.80 < V11.0 | affected |
| Siemens | SIPROTEC 5 7ST85 (CP200) | 0 < * | unaffected |
| Siemens | SIPROTEC 5 7ST85 (CP300) | V7.80 < V11.0 | affected |
| Siemens | SIPROTEC 5 7ST86 (CP300) | 0 < V11.0 | affected |
| Siemens | SIPROTEC 5 7SX82 (CP150) | 0 < V11.0 | affected |
| Siemens | SIPROTEC 5 7SX85 (CP300) | 0 < V11.0 | affected |
| Siemens | SIPROTEC 5 7SY82 (CP150) | 0 < V11.0 | affected |
| Siemens | SIPROTEC 5 7UM85 (CP300) | V7.80 < V11.0 | affected |
| Siemens | SIPROTEC 5 7UT82 (CP100) | V7.80 < * | affected |
| Siemens | SIPROTEC 5 7UT82 (CP150) | 0 < V11.0 | affected |
| Siemens | SIPROTEC 5 7UT85 (CP200) | 0 < * | unaffected |
| Siemens | SIPROTEC 5 7UT85 (CP300) | V7.80 < V11.0 | affected |
| Siemens | SIPROTEC 5 7UT86 (CP200) | 0 < * | unaffected |
| Siemens | SIPROTEC 5 7UT86 (CP300) | V7.80 < V11.0 | affected |
| Siemens | SIPROTEC 5 7UT87 (CP200) | 0 < * | unaffected |
| Siemens | SIPROTEC 5 7UT87 (CP300) | V7.80 < V11.0 | affected |
| Siemens | SIPROTEC 5 7VE85 (CP300) | V7.80 < V11.0 | affected |
| Siemens | SIPROTEC 5 7VK87 (CP200) | 0 < * | unaffected |
| Siemens | SIPROTEC 5 7VK87 (CP300) | V7.80 < V11.0 | affected |
| Siemens | SIPROTEC 5 7VU85 (CP300) | 0 < V11.0 | affected |
| Siemens | SIPROTEC 5 Compact 7SX800 (CP050) | 0 < V11.0 | affected |
Weaknesses
- CWE-334: CWE-334: Small Space of Random Values
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.