Risk Summary
The SIPROTEC 5 devices do not use sufficiently random numbers to generate session identifiers. This could facilitate a brute-force attack against a valid session identifier, which could allow an unauthenticated remote attacker to hijack a valid user session. The affected session identifiers are only used in a subset of the endpoints that are provided by the affected products. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet, available.
CVEs (1)
Remediations
- Currently no fix is available
- Update to V11.0 or later version
Affected Vendors
Siemens
Affected Products (63)
Siemens · SIPROTEC 5 6MD84 (CP300) · vers:intdot/<11.0
Siemens · SIPROTEC 5 6MD85 (CP200) · vers:all/*
Siemens · SIPROTEC 5 6MD85 (CP300) · vers:intdot/>=7.80|<11.0
Siemens · SIPROTEC 5 6MD86 (CP200) · vers:all/*
Siemens · SIPROTEC 5 6MD86 (CP300) · vers:intdot/>=7.80|<11.0
Siemens · SIPROTEC 5 6MD89 (CP300) · vers:intdot/>=7.80|<11.0
Siemens · SIPROTEC 5 6MU85 (CP300) · vers:intdot/>=7.80|<11.0
Siemens · SIPROTEC 5 7KE85 (CP200) · vers:all/*
Siemens · SIPROTEC 5 7KE85 (CP300) · vers:intdot/>=7.80|<11.0
Siemens · SIPROTEC 5 7SA82 (CP100) · vers:intdot/>=7.80
Siemens · SIPROTEC 5 7SA82 (CP150) · vers:intdot/<11.0
Siemens · SIPROTEC 5 7SA84 (CP200) · vers:all/*
Siemens · SIPROTEC 5 7SA86 (CP200) · vers:all/*
Siemens · SIPROTEC 5 7SA86 (CP300) · vers:intdot/>=7.80|<11.0
Siemens · SIPROTEC 5 7SA87 (CP200) · vers:all/*
Siemens · SIPROTEC 5 7SA87 (CP300) · vers:intdot/>=7.80|<11.0
Siemens · SIPROTEC 5 7SD82 (CP100) · vers:intdot/>=7.80
Siemens · SIPROTEC 5 7SD82 (CP150) · vers:intdot/<11.0
Siemens · SIPROTEC 5 7SD84 (CP200) · vers:all/*
Siemens · SIPROTEC 5 7SD86 (CP200) · vers:all/*
Siemens · SIPROTEC 5 7SD86 (CP300) · vers:intdot/>=7.80|<11.0
Siemens · SIPROTEC 5 7SD87 (CP200) · vers:all/*
Siemens · SIPROTEC 5 7SD87 (CP300) · vers:intdot/>=7.80|<11.0
Siemens · SIPROTEC 5 7SJ81 (CP100) · vers:intdot/>=7.80
Siemens · SIPROTEC 5 7SJ81 (CP150) · vers:intdot/<11.0
Siemens · SIPROTEC 5 7SJ82 (CP100) · vers:intdot/>=7.80
Siemens · SIPROTEC 5 7SJ82 (CP150) · vers:intdot/<11.0
Siemens · SIPROTEC 5 7SJ85 (CP200) · vers:all/*
Siemens · SIPROTEC 5 7SJ85 (CP300) · vers:intdot/>=7.80|<11.0
Siemens · SIPROTEC 5 7SJ86 (CP200) · vers:all/*
Siemens · SIPROTEC 5 7SJ86 (CP300) · vers:intdot/>=7.80|<11.0
Siemens · SIPROTEC 5 7SK82 (CP100) · vers:intdot/>=7.80
Siemens · SIPROTEC 5 7SK82 (CP150) · vers:intdot/<11.0
Siemens · SIPROTEC 5 7SK85 (CP200) · vers:all/*
Siemens · SIPROTEC 5 7SK85 (CP300) · vers:intdot/>=7.80|<11.0
Siemens · SIPROTEC 5 7SL82 (CP100) · vers:intdot/>=7.80
Siemens · SIPROTEC 5 7SL82 (CP150) · vers:intdot/<11.0
Siemens · SIPROTEC 5 7SL86 (CP200) · vers:all/*
Siemens · SIPROTEC 5 7SL86 (CP300) · vers:intdot/>=7.80|<11.0
Siemens · SIPROTEC 5 7SL87 (CP200) · vers:all/*
Siemens · SIPROTEC 5 7SL87 (CP300) · vers:intdot/>=7.80|<11.0
Siemens · SIPROTEC 5 7SS85 (CP200) · vers:all/*
Siemens · SIPROTEC 5 7SS85 (CP300) · vers:intdot/>=7.80|<11.0
Siemens · SIPROTEC 5 7ST85 (CP200) · vers:all/*
Siemens · SIPROTEC 5 7ST85 (CP300) · vers:intdot/>=7.80|<11.0
Siemens · SIPROTEC 5 7ST86 (CP300) · vers:intdot/<11.0
Siemens · SIPROTEC 5 7SX82 (CP150) · vers:intdot/<11.0
Siemens · SIPROTEC 5 7SX85 (CP300) · vers:intdot/<11.0
Siemens · SIPROTEC 5 7SY82 (CP150) · vers:intdot/<11.0
Siemens · SIPROTEC 5 7UM85 (CP300) · vers:intdot/>=7.80|<11.0
Siemens · SIPROTEC 5 7UT82 (CP100) · vers:intdot/>=7.80
Siemens · SIPROTEC 5 7UT82 (CP150) · vers:intdot/<11.0
Siemens · SIPROTEC 5 7UT85 (CP200) · vers:all/*
Siemens · SIPROTEC 5 7UT85 (CP300) · vers:intdot/>=7.80|<11.0
Siemens · SIPROTEC 5 7UT86 (CP200) · vers:all/*
Siemens · SIPROTEC 5 7UT86 (CP300) · vers:intdot/>=7.80|<11.0
Siemens · SIPROTEC 5 7UT87 (CP200) · vers:all/*
Siemens · SIPROTEC 5 7UT87 (CP300) · vers:intdot/>=7.80|<11.0
Siemens · SIPROTEC 5 7VE85 (CP300) · vers:intdot/>=7.80|<11.0
Siemens · SIPROTEC 5 7VK87 (CP200) · vers:all/*
Siemens · SIPROTEC 5 7VK87 (CP300) · vers:intdot/>=7.80|<11.0
Siemens · SIPROTEC 5 7VU85 (CP300) · vers:intdot/<11.0
Siemens · SIPROTEC 5 Compact 7SX800 (CP050) · vers:intdot/<11.0
Affected Sectors
Critical Manufacturing