OTPulse

Denial-of-Service Vulnerabilities in SIPROTEC 5 relays

Act Now · CVSS 9.8 · SSA-847986 · Sep 14, 2021
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Two vulnerabilities in SIPROTEC 5 relays (CP050, CP100, CP300 variants) allow remote denial-of-service and potential remote code execution via buffer overflow (CWE-120) on the relay's network interface. An attacker can send crafted packets without authentication to crash the relay or execute commands, disrupting power system protection and control functions. Siemens has released firmware version 8.80 and later to correct these issues.

What this means
What could happen
A remote attacker can crash SIPROTEC 5 relays or potentially execute commands on them, which would disrupt protection and control functions for power systems until the device is rebooted and restored.
Who's at risk
Electric utilities operating SIPROTEC 5 protection relays (CP050, CP100, CP300 variants) in power distribution or transmission systems. These relays are critical for detecting faults and isolating equipment; DoS disruption could prevent protective action during electrical faults and create safety or service reliability risks.
How it could be exploited
An attacker with network access to the relay's management interface sends specially crafted packets that trigger a buffer overflow condition (CWE-120), causing the relay to stop responding or, potentially, to execute attacker-supplied code. No authentication is required.
Prerequisites
  • Network access to the SIPROTEC 5 relay's Ethernet management port (typically port 80 or management protocols)
  • SIPROTEC 5 relay running firmware version before V8.80
Tags: remotely exploitable · no authentication required · low complexity · affects critical protection systems · potential remote code execution · high CVSS score (9.8)
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (3), 3 with fix

Product                                   | Affected Versions | Fix Status
SIPROTEC 5 relays with CPU variants CP050 | < V8.80           | 8.80
SIPROTEC 5 relays with CPU variants CP100 | < V8.80           | 8.80
SIPROTEC 5 relays with CPU variants CP300 | < V8.80           | 8.80
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to SIPROTEC 5 relay management interfaces using firewall rules; allow only authorized engineering workstations and supervisory control systems.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update SIPROTEC 5 relays (CP050, CP100, CP300 variants) to firmware version 8.80 or later.
Long-term hardening
HARDENING: Segment SIPROTEC 5 relays onto a protected OT network separate from general IT; implement access controls between IT and power protection networks.