Denial of Service Vulnerability in SIPROTEC 5 by Siemens
CVE-2022-45044

5.3MEDIUM

Key Information:

Vendor: Siemens
Status: Siprotec 5 6md84 (cp300); Siprotec 5 6md85 (cp200); Siprotec 5 6md85 (cp300); Siprotec 5 6md86 (cp200)
Vendor: CVE Published:; 13 December 2022

Summary

A vulnerability exists in various models of the SIPROTEC 5 series from Siemens, resulting from improper restrictions on secure client-initiated renegotiations within SSL and TLS protocols. This flaw can potentially enable attackers to launch denial of service attacks, causing disruption on designated ports (443/tcp and 4443/tcp). It is crucial for users of the affected products to apply relevant updates to ensure system integrity and availability.

Affected Version(s)

SIPROTEC 5 6MD84 (CP300) All versions < V9.50

SIPROTEC 5 6MD85 (CP200) 0

SIPROTEC 5 6MD85 (CP300) All versions < V9.50

References

https://cert-portal.siemens.com/productcert/pdf/ssa-55287...

https://cert-portal.siemens.com/productcert/html/ssa-5528...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2022
Vulnerability Reserved
Nov 7, 2022