Improper Bandwidth Limitation of Network Packets Over Local USB Port Vulnerability in SIPROTEC 5
Low Risk 2.4 | SSA-894058 | Aug 12, 2025
Attack Vector: Physical
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Affected SIPROTEC 5 devices do not properly limit the bandwidth for incoming network packets over their local USB port. An attacker with physical access could send specially crafted packets with high bandwidth to exhaust device memory and stop the device from responding to network traffic via the local USB port. Affected devices reset themselves automatically after a successful attack and the protection function is not affected by this vulnerability.
What this means
What could happen
An attacker with physical access to the USB port could temporarily cause a SIPROTEC 5 protection relay to become unresponsive to network commands, which may disrupt monitoring and control of electrical protection systems until the device automatically restarts.
Who's at risk
Electrical utilities and transportation operators using SIPROTEC 5 protection relays (including models 6MD84, 6MD85, 6MD86, 6MD89, 6MU85, 7KE85, 7SA82, 7SA86, 7SA87, 7SD82, 7SD86, 7SD87, 7SJ81, 7SJ82, 7SJ85, 7SJ86, 7SK82, 7SK85, 7SL82, 7SL86, 7SL87, 7SS85, 7ST85, 7ST86, 7SX82, 7SX85, 7SY82, 7UM85, 7UT82, 7UT85, 7UT86, 7UT87, 7VE85, 7VK87, 7VU85, and Compact 7SX800) should update their devices. These relays protect critical power infrastructure and grid assets.
How it could be exploited
An attacker with physical access to the device's local USB port sends specially crafted packets with excessive bandwidth. The device fails to rate-limit incoming USB traffic, exhausting device memory and causing it to stop responding to network packets until it automatically resets.
Prerequisites
- Physical access to the SIPROTEC 5 device's local USB port
- Ability to send specially crafted network packets to the USB interface
low complexity attack | physical access required | affects power system protection relays
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (36)
36 with fix
| Product | Affected Versions | Fix Status |
|---|---|---|
| SIPROTEC 5 6MD84 (CP300) | < 10.0 | 10.0 |
| SIPROTEC 5 6MD85 (CP300) | ≥ 7.80, < 10.0 | 10.0 |
| SIPROTEC 5 6MD86 (CP300) | ≥ 7.80, < 10.0 | 10.0 |
| SIPROTEC 5 6MD89 (CP300) | ≥ 7.80, < 10.0 | 10.0 |
| SIPROTEC 5 6MU85 (CP300) | ≥ 7.80, < 10.0 | 10.0 |
Remediation & Mitigation
Do now
HARDENING: Restrict physical access to USB ports on SIPROTEC 5 devices to authorized maintenance personnel only
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update all affected SIPROTEC 5 devices to firmware version 10.0 or later
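A firmware-inventory check against the affected-version rows listed above, as an added example that is not part of the advisory or any vendor tooling. The inventory entries are constructed, and only the five models whose ranges appear on this page are encoded; any other model reports as unknown.

```python
import re

# Ranges from the five table rows shown on this page: model -> (lowest affected
# version or None, first fixed version). Models outside these rows are "unknown".
FIXED = (10, 0)
AFFECTED = {
    "6MD84": (None, FIXED),
    "6MD85": ((7, 80), FIXED),
    "6MD86": ((7, 80), FIXED),
    "6MD89": ((7, 80), FIXED),
    "6MU85": ((7, 80), FIXED),
}

def parse_version(text):
    # Assumption: the minor part is a two-digit field, so "10.0" means 10.00
    # and "7.8" means 7.80. Tuples compare numerically ("10.0" < "7.80" as text).
    m = re.fullmatch(r"\s*[Vv]?(\d+)\.(\d{1,2})\s*", text)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return int(m.group(1)), int(m.group(2).ljust(2, "0"))

def triage(model, firmware):
    rng = AFFECTED.get(model.strip().upper())
    if rng is None:
        return "unknown"  # range for this model is not in the rows above
    try:
        ver = parse_version(firmware)
    except ValueError:
        return "unknown"  # unparseable version: check by hand
    low, fixed = rng
    if ver >= fixed or (low is not None and ver < low):
        return "not affected"
    return "affected"

# Constructed sample inventory (hostname, model, firmware); not real devices.
INVENTORY = [
    ("relay-a", "6MD84", "V7.50"),
    ("relay-b", "6MD85", "V7.50"),
    ("relay-c", "6MD86", "9.90"),
    ("relay-d", "6MU85", "10.0"),
    ("relay-e", "7SJ82", "9.20"),
]

def report(inventory):
    return {host: triage(model, fw) for host, model, fw in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:10} {status}")
```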
CVEs (1)