fkie_cve-2024-54015
Vulnerability from fkie_nvd
Published
2025-02-11 11:15
Modified
2025-02-11 11:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD89 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MU85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7KE85 (CP300) (All versions >= V8.80), SIPROTEC 5 7SA82 (CP150) (All versions < V9.90), SIPROTEC 5 7SA86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SA87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SD82 (CP150) (All versions < V9.90), SIPROTEC 5 7SD86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SD87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.90), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.90), SIPROTEC 5 7SJ85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SJ86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SK82 (CP150) (All versions < V9.90), SIPROTEC 5 7SK85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SL82 (CP150) (All versions < V9.90), SIPROTEC 5 7SL86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SL87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SS85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7ST85 (CP300) (All versions >= V8.80), SIPROTEC 5 7ST86 (CP300) (All versions), SIPROTEC 5 7SX82 (CP150) (All versions < V9.90), SIPROTEC 5 7SX85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SY82 (CP150) (All versions < V9.90), SIPROTEC 5 7UM85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT82 (CP150) (All versions < V9.90), SIPROTEC 5 7UT85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VE85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VK87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VU85 (CP300) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions >= V8.80 < V9.90), SIPROTEC 5 Compact 7SX800 (CP050) (All versions >= V9.50 < V9.90). Affected devices do not properly validate SNMP GET requests. This could allow an unauthenticated, remote attacker to retrieve sensitive information of the affected devices with SNMPv2 GET requests using default credentials.
References
productcert@siemens.comhttps://cert-portal.siemens.com/productcert/html/ssa-767615.html
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions \u003c V9.90), SIPROTEC 5 6MD85 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 6MD86 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 6MD89 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 6MU85 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7KE85 (CP300) (All versions \u003e= V8.80), SIPROTEC 5 7SA82 (CP150) (All versions \u003c V9.90), SIPROTEC 5 7SA86 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7SA87 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7SD82 (CP150) (All versions \u003c V9.90), SIPROTEC 5 7SD86 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7SD87 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7SJ81 (CP150) (All versions \u003c V9.90), SIPROTEC 5 7SJ82 (CP150) (All versions \u003c V9.90), SIPROTEC 5 7SJ85 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7SJ86 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7SK82 (CP150) (All versions \u003c V9.90), SIPROTEC 5 7SK85 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7SL82 (CP150) (All versions \u003c V9.90), SIPROTEC 5 7SL86 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7SL87 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7SS85 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7ST85 (CP300) (All versions \u003e= V8.80), SIPROTEC 5 7ST86 (CP300) (All versions), SIPROTEC 5 7SX82 (CP150) (All versions \u003c V9.90), SIPROTEC 5 7SX85 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7SY82 (CP150) (All versions \u003c V9.90), SIPROTEC 5 7UM85 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7UT82 (CP150) (All versions \u003c V9.90), SIPROTEC 5 7UT85 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7UT86 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7UT87 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7VE85 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7VK87 (CP300) (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 7VU85 (CP300) (All versions \u003c V9.90), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2) (All versions \u003c V9.90), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) (All versions \u003c V9.90), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions \u003e= V8.80 \u003c V9.90), SIPROTEC 5 Compact 7SX800 (CP050) (All versions \u003e= V9.50 \u003c V9.90). Affected devices do not properly validate SNMP GET requests. This could allow an unauthenticated, remote attacker to retrieve sensitive information of the affected devices with SNMPv2 GET requests using default credentials."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en SIPROTEC 5 6MD84 (CP300) (Todas las versiones \u0026lt; V9.90), SIPROTEC 5 6MD85 (CP300) (Todas las versiones \u0026gt;= V8.80 \u0026lt; V9.90), SIPROTEC 5 6MD86 (CP300) (Todas las versiones \u0026gt;= V8.80 \u0026lt; V9.90), SIPROTEC 5 6MD89 (CP300) (Todas las versiones \u0026gt;= V8.80 \u0026lt; V9.90), SIPROTEC 5 6MU85 (CP300) (Todas las versiones \u0026gt;= V8.80 \u0026lt; V9.90), SIPROTEC 5 7KE85 (CP300) (Todas las versiones \u0026gt;= V8.80), SIPROTEC 5 7SA82 (CP150) (Todas las versiones \u0026lt; V9.90), SIPROTEC 5 7SA86 (CP300) (Todas las versiones \u0026gt;= V8.80 \u0026lt; V9.90), SIPROTEC 5 7SA87 (CP300) (Todas las versiones \u0026gt;= V8.80 \u0026lt; V9.90), SIPROTEC 5 7SD82 (CP150) (Todas las versiones \u0026lt; V9.90), SIPROTEC 5 7SD86 (CP300) (Todas las versiones \u0026gt;= V8.80 \u0026lt; V9.90), SIPROTEC 5 7SD87 (CP300) (Todas las versiones \u0026gt;= V8.80 \u0026lt; V9.90), SIPROTEC 5 7SJ81 (CP150) (Todas las versiones \u0026lt; V9.90), SIPROTEC 5 7SJ82 (CP150) (Todas las versiones \u0026lt; V9.90), SIPROTEC 5 7SJ85 (CP300) (Todas las versiones \u0026gt;= V8.80 \u0026lt; V9.90), SIPROTEC 5 7SJ86 (CP300) (Todas las versiones \u0026gt;= V8.80 \u0026lt; V9.90), SIPROTEC 5 7SK82 (CP150) (Todas las versiones \u0026lt; V9.90), SIPROTEC 5 7SK85 (CP300) (Todas las versiones \u0026gt;= V8.80 \u0026lt; V9.90), SIPROTEC 5 7SL82 (CP150) (Todas las versiones \u0026lt; V9.90), SIPROTEC 5 7SL86 (CP300) (Todas las versiones \u0026gt;= V8.80 \u0026lt; V9.90), SIPROTEC 5 7SL87 (CP300) (Todas las versiones \u0026gt;= V8.80 \u0026lt; V9.90), SIPROTEC 5 7SS85 (CP300) (Todas las versiones \u0026gt;= V8.80 \u0026lt; V9.90), SIPROTEC 5 7ST85 (CP300) (Todas las versiones \u0026gt;= V8.80), SIPROTEC 5 7ST86 (CP300) (Todas las versiones), SIPROTEC 5 7SX82 (CP150) (Todas las versiones \u0026lt; V9.90), SIPROTEC 5 7SX85 (CP300) (Todas las versiones \u0026gt;= V8.80 \u0026lt; V9.90), SIPROTEC 5 7SY82 (CP150) (Todas las versiones \u0026lt; V9.90), SIPROTEC 5 7UM85 (CP300) (Todas las versiones \u0026gt;= V8.80 \u0026lt; V9.90), SIPROTEC 5 7UT82 (CP150) (Todas las versiones \u0026lt; V9.90), SIPROTEC 5 7UT85 (CP300) (Todas las versiones \u0026gt;= V8.80 \u0026lt; V9.90), SIPROTEC 5 7UT86 (CP300) (Todas las versiones \u0026gt;= V8.80 \u0026lt; V9.90), SIPROTEC 5 7UT87 (CP300) (Todas las versiones \u0026gt;= V8.80 \u0026lt; V9.90), SIPROTEC 5 7VE85 (CP300) (Todas las versiones \u0026gt;= V8.80 \u0026lt; V9.90), SIPROTEC 5 7VK87 (CP300) (Todas las versiones \u0026gt;= V8.80 \u0026lt; V9.90), SIPROTEC 5 7VU85 (CP300) (Todas las versiones \u0026lt; V9.90), SIPROTEC 5 M\u00f3dulo de comunicaci\u00f3n ETH-BA-2EL (Rev.2) (Todas las versiones \u0026lt; V9.90), SIPROTEC 5 M\u00f3dulo de comunicaci\u00f3n ETH-BB-2FO (Rev. 2) (Todas las versiones \u0026lt; V9.90), SIPROTEC 5 M\u00f3dulo de comunicaci\u00f3n ETH-BD-2FO (Todas las versiones \u0026gt;= V8.80 \u0026lt; V9.90), SIPROTEC 5 Compact 7SX800 (CP050) (Todas las versiones \u0026gt;= V9.50 \u0026lt; V9.90). Los dispositivos afectados no validan correctamente las solicitudes SNMP GET. Esto podr\u00eda permitir que un atacante remoto no autenticado recupere informaci\u00f3n confidencial de los dispositivos afectados con solicitudes SNMPv2 GET utilizando credenciales predeterminadas."
    }
  ],
  "id": "CVE-2024-54015",
  "lastModified": "2025-02-11T11:15:15.227",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "productcert@siemens.com",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "automatable": "NOT_DEFINED",
          "availabilityRequirements": "NOT_DEFINED",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityRequirements": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirements": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "recovery": "NOT_DEFINED",
          "safety": "NOT_DEFINED",
          "subsequentSystemAvailability": "NONE",
          "subsequentSystemConfidentiality": "NONE",
          "subsequentSystemIntegrity": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "vulnerableSystemAvailability": "NONE",
          "vulnerableSystemConfidentiality": "HIGH",
          "vulnerableSystemIntegrity": "NONE"
        },
        "source": "productcert@siemens.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-02-11T11:15:15.227",
  "references": [
    {
      "source": "productcert@siemens.com",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-767615.html"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1392"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.