Bandwidth Limitation Flaw in SIPROTEC 5 Products by Siemens
CVE-2025-40570

2.4LOW

Key Information:

Vendor: Siemens
Status: Siprotec 5 6md84 (cp300); Siprotec 5 6md85 (cp300); Siprotec 5 6md86 (cp300); Siprotec 5 6md89 (cp300)
Vendor: CVE Published:; 12 August 2025

What is CVE-2025-40570?

A vulnerability in the Siemens SIPROTEC 5 series allows unauthorized users with physical access to exploit the devices through the local USB port. By sending specially crafted high-bandwidth packets, an attacker can cause devices to exhaust memory resources and stop responding to network traffic. Affected devices will automatically reset following a successful exploitation, although their core protective functions remain intact.

Affected Version(s)

SIPROTEC 5 6MD84 (CP300) 0

SIPROTEC 5 6MD85 (CP300) V7.80

SIPROTEC 5 6MD86 (CP300) V7.80

References

https://cert-portal.siemens.com/productcert/html/ssa-8940...

CVSS V4

Score:

2.4

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2025
Vulnerability Reserved
Apr 16, 2025