Siemens SIPROTEC 5 6MD86
Easy fix3 remedies
cpe:2.3:h:siemens:siprotec_5_6md86:*:*:*:*:*:*:*, +1 more
Easy fix3 remedies
- < V9.90
Siemens SIPROTEC 5 Information Disclosure Vulnerability via SNMP GET Requests
Vulnerability
Patched
An information disclosure vulnerability exists in multiple SIPROTEC 5 products, specifically in certain versions of the 6MD84, 6MD85, 6MD86, 6MD89, 6MU85, 7KE85, 7SA82, 7SA86, 7SA87, 7SD82, 7SD86, 7SD87, 7SJ81, 7SJ82, 7SJ85, 7SJ86, 7SK82, 7SK85, 7SL82, 7SL86, 7SL87, 7SS85, 7ST85, 7ST86, 7UT82, 7UT85, 7UT86, 7UT87, 7VE85, 7VK87, 7VU85, and various communication modules. The vulnerability arises because affected devices do not properly validate SNMP GET requests. This flaw could enable an unauthenticated, remote attacker to use SNMPv2 GET requests with default credentials to retrieve sensitive information from the affected devices.
Impact
Exploitation of this vulnerability could lead to unauthorized retrieval of sensitive information from the affected devices via SNMP GET requests, using default credentials.
Remediation
Siemens has released version 9.90 for several affected products. For products in the 9.6x version line, a fix is available in version 9.68, and for those in the 9.8x line, version 9.83 is the recommended update. Communication modules must be updated to versions compatible with the device firmware. Specific update instructions can be found on the Siemens support website.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
4.5impact
2.5exploitability
7.8remediation
7.9relevance
0.0threat
0.0urgency
2.9incentive
10.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.