Denial-of-Service and Remote Code Execution Vulnerability in Siemens SIPROTEC 5 Relays
CVE-2021-33719

9.8CRITICAL

Key Information:

Vendor
Siemens
Status
Siprotec 5 Relays With Cpu Variants Cp050
Siprotec 5 Relays With Cpu Variants Cp100
Siprotec 5 Relays With Cpu Variants Cp300
Vendor
CVE Published:
14 September 2021

Summary

A vulnerability exists in Siemens SIPROTEC 5 relays, specifically in the CPU variants CP050, CP100, and CP300, where specially crafted packets sent to port 4443/tcp can cause a Denial-of-Service condition. In some scenarios, this exploit may also enable remote code execution, potentially allowing an attacker to execute arbitrary commands on the affected devices. This poses significant risks to system integrity and availability, highlighting the urgent need for affected users to update to versions V8.80 or later.

Affected Version(s)

SIPROTEC 5 relays with CPU variants CP050 All versions < V8.80

SIPROTEC 5 relays with CPU variants CP100 All versions < V8.80

SIPROTEC 5 relays with CPU variants CP300 All versions < V8.80

References

https://cert-portal.siemens.com/productcert/pdf/ssa-84798...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.