Vulnerabilites related to Siemens - SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2)
cve-2024-54015
Vulnerability from cvelistv5
Published
2025-02-11 10:28
Modified
2025-02-11 14:32
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD89 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MU85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7KE85 (CP300) (All versions >= V8.80), SIPROTEC 5 7SA82 (CP150) (All versions < V9.90), SIPROTEC 5 7SA86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SA87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SD82 (CP150) (All versions < V9.90), SIPROTEC 5 7SD86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SD87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.90), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.90), SIPROTEC 5 7SJ85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SJ86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SK82 (CP150) (All versions < V9.90), SIPROTEC 5 7SK85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SL82 (CP150) (All versions < V9.90), SIPROTEC 5 7SL86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SL87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SS85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7ST85 (CP300) (All versions >= V8.80), SIPROTEC 5 7ST86 (CP300) (All versions), SIPROTEC 5 7SX82 (CP150) (All versions < V9.90), SIPROTEC 5 7SX85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SY82 (CP150) (All versions < V9.90), SIPROTEC 5 7UM85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT82 (CP150) (All versions < V9.90), SIPROTEC 5 7UT85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VE85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VK87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VU85 (CP300) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions >= V8.80 < V9.90), SIPROTEC 5 Compact 7SX800 (CP050) (All versions >= V9.50 < V9.90). Affected devices do not properly validate SNMP GET requests. This could allow an unauthenticated, remote attacker to retrieve sensitive information of the affected devices with SNMPv2 GET requests using default credentials.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54015",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T14:31:44.397617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T14:32:02.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 6MD84 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 6MD85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "V8.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 6MD86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "V8.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 6MD89 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "V8.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 6MU85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "V8.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7KE85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V8.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SA82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SA86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "V8.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SA87 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "V8.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SD82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SD86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "V8.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SD87 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "V8.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ81 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "V8.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SJ86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "V8.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SK82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SK85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "V8.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SL82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SL86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "V8.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SL87 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "V8.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SS85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "V8.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7ST85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V8.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7ST86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SX82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SX85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "V8.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7SY82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UM85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "V8.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT82 (CP150)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "V8.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT86 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "V8.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7UT87 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "V8.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7VE85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "V8.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7VK87 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "V8.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 7VU85 (CP300)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 Communication Module ETH-BD-2FO",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "V8.80",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPROTEC 5 Compact 7SX800 (CP050)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.90",
"status": "affected",
"version": "V9.50",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions \u003c V9.90), SIPROTEC 5 6MD85 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 6MD86 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 6MD89 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 6MU85 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7KE85 (CP300) (All versions \u003e= V8.80), SIPROTEC 5 7SA82 (CP150) (All versions \u003c V9.90), SIPROTEC 5 7SA86 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7SA87 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7SD82 (CP150) (All versions \u003c V9.90), SIPROTEC 5 7SD86 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7SD87 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7SJ81 (CP150) (All versions \u003c V9.90), SIPROTEC 5 7SJ82 (CP150) (All versions \u003c V9.90), SIPROTEC 5 7SJ85 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7SJ86 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7SK82 (CP150) (All versions \u003c V9.90), SIPROTEC 5 7SK85 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7SL82 (CP150) (All versions \u003c V9.90), SIPROTEC 5 7SL86 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7SL87 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7SS85 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7ST85 (CP300) (All versions \u003e= V8.80), SIPROTEC 5 7ST86 (CP300) (All versions), SIPROTEC 5 7SX82 (CP150) (All versions \u003c V9.90), SIPROTEC 5 7SX85 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7SY82 (CP150) (All versions \u003c V9.90), SIPROTEC 5 7UM85 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7UT82 (CP150) (All versions \u003c V9.90), SIPROTEC 5 7UT85 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7UT86 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7UT87 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7VE85 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7VK87 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7VU85 (CP300) (All versions \u003c V9.90), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2) (All versions \u003c V9.90), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) (All versions \u003c V9.90), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 Compact 7SX800 (CP050) (All versions \u003e= V9.50 \u003c V9.90). Affected devices do not properly validate SNMP GET requests. This could allow an unauthenticated, remote attacker to retrieve sensitive information of the affected devices with SNMPv2 GET requests using default credentials."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "CWE-1392: Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T10:28:58.684Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-767615.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-54015",
"datePublished": "2025-02-11T10:28:58.684Z",
"dateReserved": "2024-11-27T09:14:02.059Z",
"dateUpdated": "2025-02-11T14:32:02.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}