Siemens SIPROTEC 5 Sensitive Data Exposure Vulnerability

A vulnerability allowing sensitive data exposure has been identified in various SIPROTEC 5 devices, including those with CP100, CP150, and CP300 configurations, as well as the SIPROTEC 5 Compact 7SX800 (CP050). All versions of these products are affected. The vulnerability arises because the devices include session identifiers in URL requests for certain functionalities. This could enable an attacker to access sensitive session data from browser history, logs, or other storage mechanisms, potentially leading to unauthorized access.

Impact

Exploitation of this vulnerability could allow an attacker to retrieve sensitive session data, which could be used to gain unauthorized access to the affected device or its functionalities.

Remediation

Currently, no fix is available for this vulnerability. Siemens recommends following general security guidelines and applying any available security updates. For more information on Siemens security recommendations, visit the Siemens Grid Security website.