File Upload Vulnerability in SIPROTEC 5 Products by Siemens
CVE-2025-40808

6.9MEDIUM

What is CVE-2025-40808?

A vulnerability exists within multiple versions of the SIPROTEC 5 series, allowing authenticated users to upload arbitrary files via the DIGSI 5 protocol. This flaw can lead to the upload of malicious configuration files, resulting in a denial of service condition and potentially enabling code execution, thereby compromising system integrity.

Affected Version(s)

SIPROTEC 5 6MD84 (CP300) 0

SIPROTEC 5 6MD85 (CP200) 0

SIPROTEC 5 6MD85 (CP300) 0

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.