7.5

CVE-2023-28766

A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.40), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.40), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.40), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.40), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7ST85 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SX82 (CP150) (All versions < V9.40), SIPROTEC 5 7SX85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.40), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.40 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.40 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.40), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.40). Affected devices lack proper validation of http request parameters of the hosted web service.
An unauthenticated remote attacker could send specially crafted packets that could cause denial of service condition of the target device.

Data is provided by the National Vulnerability Database (NVD)
SiemensSiprotec 5 6md85 Firmware Version < 9.40
   SiemensSiprotec 5 6md85 Versioncp300
SiemensSiprotec 5 6md86 Firmware Version < 9.40
   SiemensSiprotec 5 6md86 Versioncp300
SiemensSiprotec 5 6mu85 Firmware Version < 9.40
   SiemensSiprotec 5 6mu85 Versioncp300
SiemensSiprotec 5 7ke85 Firmware Version < 9.40
   SiemensSiprotec 5 7ke85 Versioncp300
SiemensSiprotec 5 7sa82 Firmware Version < 9.40
   SiemensSiprotec 5 7sa82 Versioncp150
SiemensSiprotec 5 7sa86 Firmware Version < 9.40
   SiemensSiprotec 5 7sa86 Versioncp300
SiemensSiprotec 5 7sa87 Firmware Version < 9.40
   SiemensSiprotec 5 7sa87 Versioncp300
SiemensSiprotec 5 7sd82 Firmware Version < 9.40
   SiemensSiprotec 5 7sd82 Versioncp150
SiemensSiprotec 5 7sd86 Firmware Version < 9.40
   SiemensSiprotec 5 7sd86 Versioncp300
SiemensSiprotec 5 7sd87 Firmware Version < 9.40
   SiemensSiprotec 5 7sd87 Versioncp300
SiemensSiprotec 5 7sj81 Firmware Version < 9.40
   SiemensSiprotec 5 7sj81 Versioncp150
SiemensSiprotec 5 7sj82 Firmware Version < 9.40
   SiemensSiprotec 5 7sj82 Versioncp150
SiemensSiprotec 5 7sj85 Firmware Version < 9.40
   SiemensSiprotec 5 7sj85 Versioncp300
SiemensSiprotec 5 7sj86 Firmware Version < 9.40
   SiemensSiprotec 5 7sj86 Versioncp300
SiemensSiprotec 5 7sk82 Firmware Version < 9.40
   SiemensSiprotec 5 7sk82 Versioncp150
SiemensSiprotec 5 7sk85 Firmware Version < 9.40
   SiemensSiprotec 5 7sk85 Versioncp300
SiemensSiprotec 5 7sl82 Firmware Version < 9.40
   SiemensSiprotec 5 7sl82 Versioncp150
SiemensSiprotec 5 7sl86 Firmware Version < 9.40
   SiemensSiprotec 5 7sl86 Versioncp300
SiemensSiprotec 5 7sl87 Firmware Version < 9.40
   SiemensSiprotec 5 7sl87 Versioncp300
SiemensSiprotec 5 7ss85 Firmware Version < 9.40
   SiemensSiprotec 5 7ss85 Versioncp300
SiemensSiprotec 5 7sx85 Firmware Version < 9.40
   SiemensSiprotec 5 7sx85 Versioncp300
SiemensSiprotec 5 7um85 Firmware Version < 9.40
   SiemensSiprotec 5 7um85 Versioncp300
SiemensSiprotec 5 7ut82 Firmware Version < 9.40
   SiemensSiprotec 5 7ut82 Versioncp150
SiemensSiprotec 5 7ut85 Firmware Version < 9.40
   SiemensSiprotec 5 7ut85 Versioncp300
SiemensSiprotec 5 7ut86 Firmware Version < 9.40
   SiemensSiprotec 5 7ut86 Versioncp300
SiemensSiprotec 5 7ut87 Firmware Version < 9.40
   SiemensSiprotec 5 7ut87 Versioncp300
SiemensSiprotec 5 7ve85 Firmware Version < 9.40
   SiemensSiprotec 5 7ve85 Versioncp300
SiemensSiprotec 5 7vk87 Firmware Version < 9.40
   SiemensSiprotec 5 7vk87 Versioncp300
SiemensSiprotec 5 7sx82 Firmware Version < 9.40
   SiemensSiprotec 5 7sx82 Versioncp150
SiemensSiprotec 5 7vu85 Firmware Version < 9.40
   SiemensSiprotec 5 7vu85 Versioncp300
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.2% 0.427
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
productcert@siemens.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.