Siemens SIPROTEC 5 6MD85
Easy fix2 remedies
cpe:2.3:h:siemens:siprotec_5_6md85:*:*:*:*:*:*:*, +1 more
Easy fix2 remedies
- < V9.80
Siemens SIPROTEC 5 Improper Limitation of Filesystem Access Vulnerability Allowing Arbitrary File Read
Vulnerability
Patched
A vulnerability exists in multiple SIPROTEC 5 products, specifically in certain versions of the 6MD84, 6MD85, 6MD86, 6MD89, 6MU85, 7KE85, 7SA82, 7SD82, 7SJ81, 7SJ82, 7SK82, 7SL82, 7SL86, 7SS85, 7ST85, 7UT82, 7UT85, 7UT86, 7UT87, 7VE85, 7VK87, 7VU85, 7SX82, 7SX85, 7SY82, 7UM85, and Compact 7SX800 (CP050) series. These devices do not properly restrict web server access to the filesystem, potentially allowing authenticated remote attackers to read arbitrary files or access the entire filesystem on affected devices.
Impact
Exploitation of this vulnerability could lead to unauthorized reading of files or the entire filesystem on the affected device.
Remediation
Siemens has released version 9.80 or later for several affected products. For SIPROTEC 5 CP100 devices, no fix is currently available. For CP300 devices, specific update instructions can be found in the Siemens Security Advisory SSA-194557.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
4.5impact
2.5exploitability
4.9remediation
7.9relevance
0.0threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.