File Upload Vulnerability in SIPROTEC 5 Products by Siemens
CVE-2025-40808
6.9MEDIUM
Key Information:
- Vendor
Siemens
- Status
- Vendor
- CVE Published:
- 9 June 2026
What is CVE-2025-40808?
A vulnerability exists within multiple versions of the SIPROTEC 5 series, allowing authenticated users to upload arbitrary files via the DIGSI 5 protocol. This flaw can lead to the upload of malicious configuration files, resulting in a denial of service condition and potentially enabling code execution, thereby compromising system integrity.
Affected Version(s)
SIPROTEC 5 6MD84 (CP300) 0
SIPROTEC 5 6MD85 (CP200) 0
SIPROTEC 5 6MD85 (CP300) 0