Development Shell Access Vulnerability in SIPROTEC 5 Products by Siemens
CVE-2024-53648

7HIGH

Key Information:

Vendor: Siemens
Status: Siprotec 5 6md84 (cp300); Siprotec 5 6md85 (cp200); Siprotec 5 6md85 (cp300); Siprotec 5 6md86 (cp200)
Vendor: CVE Published:; 11 February 2025

Summary

A significant vulnerability exists in several models of the SIPROTEC 5 series from Siemens, which fails to properly restrict access to a development shell over a physical interface. This weakness could enable an unauthenticated attacker with physical access to the device to execute arbitrary commands, potentially compromising the integrity and security of the affected systems.

Affected Version(s)

SIPROTEC 5 6MD84 (CP300) 0

SIPROTEC 5 6MD85 (CP200) 0

SIPROTEC 5 6MD85 (CP300) 0

References

https://cert-portal.siemens.com/productcert/html/ssa-6879...

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Nov 21, 2024