Siemens SIPROTEC 5 | CISA

📰

Siemens SIPROTEC 5 | CISA

Cybersecurity and Infrastructure Security Agency CISA·cisa.gov·18 days ago

#facebook #linkedin #email #cvss #siprotec #vers

Reading 0:00

15s threshold

View CSAF Summary The SIPROTEC 5 devices do not use sufficiently random numbers to generate session identifiers. This could facilitate a brute-force attack against a valid session identifier which could allow an unauthenticated remote attacker to hijack a valid user session. The affected session identifiers are only used in a subset of the endpoints that are provided by the affected products. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available. The following versions of Siemens SIPROTEC 5 are affected: SIPROTEC 5 6MD84 (CP300) vers:intdot/<11.0 (CVE-2024-54017) SIPROTEC 5 6MD85 (CP200) vers:all/* () SIPROTEC 5 6MD85 (CP300) vers:intdot/>=7.80|<11.0 (CVE-2024-54017) SIPROTEC 5 6MD86 (CP200) vers:all/* () SIPROTEC 5 6MD86 (CP300) vers:intdot/>=7.80|<11.0 (CVE-2024-54017) SIPROTEC 5 6MD89 (CP300) vers:intdot/>=7.80|<11.0 (CVE-2024-54017) SIPROTEC 5 6MU85 (CP300) vers:intdot/>=7.80|<11.0 (CVE-2024-54017) SIPROTEC 5…

Continue reading — create a free account

Join HashtagPLUS to read full articles, follow hashtags, vote, and join the conversation.

Create free account Log in

Menu

Siemens SIPROTEC 5 | CISA