OTPulse
FeedAboutContact

Denial-of-Service Vulnerabilities in SIPROTEC 5 Devices

Plan Patch7.5SSA-500748Sep 14, 2021
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

SIPROTEC 5 relays are vulnerable to a Denial-of-Service condition in their web interface. Maliciously crafted web requests can crash the web service, making the device unavailable for remote monitoring and configuration. The input validation flaw (CWE-20) allows unauthorized users to trigger the crash without credentials.

What this means
What could happen
An attacker on the network could crash the web interface of your SIPROTEC 5 relay by sending malicious web requests, potentially making the device unavailable for remote monitoring and control until it is manually rebooted.
Who's at risk
Power utilities and substation operators who rely on SIPROTEC 5 protection relays for generator protection, feeder protection, or transformer protection. Any facility using CP050, CP100, or CP300 variants running firmware below version 8.80 is affected. This includes protection relays at substations, power plants, and distribution networks.
How it could be exploited
An attacker sends a specially crafted web request to the SIPROTEC 5 relay's web interface (port 80/443). The device fails to properly validate the request, causing the web service to crash. The relay itself continues to function for local protection logic, but remote access and configuration via the web interface is lost.
Prerequisites
  • Network access to the SIPROTEC 5 relay's web interface (HTTP/HTTPS port)
  • No authentication required
remotely exploitableno authentication requiredlow complexityaffects electrical protection systems
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (3)
3 with fix
ProductAffected VersionsFix Status
SIPROTEC 5 relays with CPU variants CP050< V8.808.80
SIPROTEC 5 relays with CPU variants CP100< V8.808.80
SIPROTEC 5 relays with CPU variants CP300< V8.808.80
Remediation & Mitigation
0/1
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SIPROTEC 5 devices (all CPU variants CP050, CP100, CP300) to firmware version 8.80 or later
View full Siemens ProductCERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/476be821-e3ff-4550-aebe-5734eae95b8a