Siemens SIPROTEC 5 Improper Bandwidth Limitation Vulnerability Over USB Port

Vulnerability

A vulnerability exists in various SIPROTEC 5 devices, specifically in the 6MD84, 6MD85, 6MD86, 6MD89, 6MU85, 7KE85, 7SA82, 7SA86, 7SA87, 7SD82, 7SD86, 7SD87, 7SJ81, 7SJ82, 7SJ85, 7SJ86, 7SK82, 7SK85, 7SL82, 7SL86, 7SL87, 7SS85, 7ST85, 7ST86, 7SX82, 7SX85, 7SY82, 7UM85, 7UT82, 7UT85, 7UT86, 7UT87, 7VE85, 7VK87, 7VU85, and Compact 7SX800 (CP050) product lines. The vulnerability affects all versions prior to V10.0, with specific conditions for some versions. The issue arises because these devices do not adequately restrict the bandwidth of incoming network packets through the local USB port. This flaw could enable an attacker with physical access to send high-bandwidth packets, causing the device to deplete its memory and cease communication over the USB port. After such an attack, the devices automatically reset, although their protective functions remain intact.

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition, where the device becomes unresponsive to network traffic via the local USB port, causing disruption in communication. However, the device's protection functions are not compromised. After a successful attack, the affected device resets automatically.

Remediation

Siemens has released version V10.0 for the affected products and recommends updating to this version or later. For SIPROTEC 5 Compact 7SX800 (CP050), all versions prior to V10.0 are affected. General security guidelines can be found on the Siemens Grid Security website.

Added: Aug 12, 2025, 12:45 PM
Updated: Aug 12, 2025, 3:04 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 2.5
exploitability: 3.5
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.