QID 590695

Date Published: 2022-03-17

QID 590695: Siemens SIPROTEC 5 (Update A) Vulnerability (ICSA-21-257-16)

AFFECTED PRODUCTS
The following Siemens products are affected:
SIPROTEC 5 relays with CPU variants CP050: All versions prior to v8.80
SIPROTEC 5 relays with CPU variants CP100: All versions prior to v8.80
SIPROTEC 5 relays with CPU variants CP200: All versions
SIPROTEC 5 relays with CPU variants CP300: All versions prior to v8.80

QID Detection Logic (Authenticated):
QID checks for the Vulnerable version of using passive scanning

Successful exploitation of this vulnerability could allow unauthorized users to cause a denial-of-service condition by sending maliciously crafted web requests.

  • CVSS V3 rated as High - 7.5 severity.
  • CVSS V2 rated as Medium - 5 severity.
  • Solution

    Customers are advised to refer to CERT MITIGATIONS section ICSA-21-257-16 for affected packages and patching details.

    Vendor References

    CVEs related to QID 590695

    Software Advisories
    Advisory ID Software Component Link
    ICSA-21-257-16 URL Logo www.us-cert.gov/ics/advisories/ICSA-21-257-16