CVE-2024-53648
First published: Tue Feb 11 2025(Updated: )
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.90), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.90), SIPROTEC 5 6MD89 (CP300) (All versions < V9.90), SIPROTEC 5 6MU85 (CP300) (All versions < V9.90), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.90), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.90), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.90), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.90), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.90), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.90), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.90), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.90), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.90), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.90), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions < V9.90), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.90), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.90), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.90), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.90), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.90), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions), SIPROTEC 5 7SX82 (CP150) (All versions < V9.90), SIPROTEC 5 7SX85 (CP300) (All versions < V9.90), SIPROTEC 5 7SY82 (CP150) (All versions < V9.90), SIPROTEC 5 7UM85 (CP300) (All versions < V9.90), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.90), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.90), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.90), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.90), SIPROTEC 5 7VE85 (CP300) (All versions < V9.90), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.90), SIPROTEC 5 7VU85 (CP300) (All versions < V9.90), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.90). Affected devices do not properly limit access to a development shell accessible over a physical interface. This could allow an unauthenticated attacker with physical access to the device to execute arbitrary commands on the device.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens SIPROTEC 5 6MD84 (CP300) | <V9.90 | |
| Siemens SIPROTEC 5 6MD85 (CP200) | < | |
| Siemens SIPROTEC 5 6MD85 (CP300) | <V9.90 | |
| Siemens SIPROTEC 5 6MD86 | < | |
| Siemens SIPROTEC 5 6MD86 | <V9.90 | |
| Siemens SIPROTEC 5 6MD89 (CP300) | <V9.90 | |
| Siemens SIPROTEC 5 6MU85 (CP300) | <V9.90 | |
| Siemens SIPROTEC 5 7KE85 (CP200) | < | |
| Siemens SIPROTEC 5 7KE85 (CP300) | < | |
| Siemens SIPROTEC 5 7SA82 (CP100) | < | |
| Siemens SIPROTEC 5 7SA82 | <V9.90 | |
| Siemens SIPROTEC 5 7SA86 (CP200) | < | |
| Siemens SIPROTEC 5 7SA86 (CP300) | <V9.90 | |
| Siemens SIPROTEC 5 7SA87 (CP200) | < | |
| Siemens SIPROTEC 5 7SA87 (CP300) | <V9.90 | |
| Siemens SIPROTEC 5 7SD82 (CP100) | < | |
| Siemens SIPROTEC 5 7SD82 (CP150) | <V9.90 | |
| Siemens SIPROTEC 5 7SD86 (CP200) | < | |
| Siemens SIPROTEC 5 7SD86 (CP300) | <V9.90 | |
| Siemens SIPROTEC 5 7SD87 (CP200) | < | |
| Siemens SIPROTEC 5 7SD87 (CP300) | <V9.90 | |
| Siemens SIPROTEC 5 7SJ81 (CP100) | < | |
| Siemens SIPROTEC 5 7SJ81 (CP150) | <V9.90 | |
| Siemens SIPROTEC 5 7SJ82 (CP100) | < | |
| Siemens SIPROTEC 5 7SJ82 (CP150) | <V9.90 | |
| Siemens SIPROTEC 5 7SJ85 (CP200) | < | |
| Siemens SIPROTEC 5 7SJ85 (CP300) | <V9.90 | |
| Siemens SIPROTEC 5 7SJ86 (CP200) | < | |
| Siemens SIPROTEC 5 7SJ86 (CP300) | <V9.90 | |
| Siemens SIPROTEC 5 7SK82 (CP100) | < | |
| Siemens SIPROTEC 5 7SK82 (CP150) | <V9.90 | |
| Siemens SIPROTEC 5 7SK85 (CP200) | < | |
| Siemens SIPROTEC 5 7SK85 (CP300) | <V9.90 | |
| Siemens SIPROTEC 5 7SL82 (CP100) | < | |
| Siemens SIPROTEC 5 7SL82 (CP150) | <V9.90 | |
| Siemens SIPROTEC 5 7SL86 (CP200) | < | |
| Siemens SIPROTEC 5 7SL86 (CP300) | <V9.90 | |
| Siemens SIPROTEC 5 7SL87 (CP200) | < | |
| Siemens SIPROTEC 5 7SL87 (CP300) | <V9.90 | |
| Siemens SIPROTEC 5 7SS85 (CP200) | < | |
| Siemens SIPROTEC 5 7SS85 (CP300) | <V9.90 | |
| Siemens SIPROTEC 5 7ST85 (CP200) | < | |
| Siemens SIPROTEC 5 7ST85 (CP300) | < | |
| Siemens SIPROTEC 5 7ST86 (CP300) | < | |
| Siemens SIPROTEC 5 7SX82 (CP150) | <V9.90 | |
| Siemens SIPROTEC 5 7SX85 (CP300) | <V9.90 | |
| Siemens SIPROTEC 5 7SY82 (CP150) | <V9.90 | |
| Siemens SIPROTEC 5 7UM85 (CP300) | <V9.90 | |
| Siemens SIPROTEC 5 7UT82 (CP100) | < | |
| Siemens SIPROTEC 5 7UT82 (CP150) | <V9.90 | |
| Siemens SIPROTEC 5 7UT85 (CP200) | < | |
| Siemens SIPROTEC 5 7UT85 (CP300) | <V9.90 | |
| Siemens SIPROTEC 5 7UT86 (CP200) | < | |
| Siemens SIPROTEC 5 7UT86 (CP300) | <V9.90 | |
| Siemens SIPROTEC 5 7UT87 (CP200) | < | |
| Siemens SIPROTEC 5 7UT87 (CP300) | <V9.90 | |
| Siemens SIPROTEC 5 7VE85 (CP300) | <V9.90 | |
| Siemens SIPROTEC 5 7VK87 (CP200) | < | |
| Siemens SIPROTEC 5 7VK87 (CP300) | <V9.90 | |
| Siemens SIPROTEC 5 7VU85 (CP300) | <V9.90 | |
| Siemens SIPROTEC 5 Compact 7SX800 | <V9.90 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the CVE-2024-53648 vulnerability?
CVE-2024-53648 is a security vulnerability found in various versions of Siemens SIPROTEC 5 devices that can potentially lead to unauthorized access.
What are the affected versions for CVE-2024-53648?
CVE-2024-53648 affects all versions of the Siemens SIPROTEC 5 models 6MD84 (CP300), 6MD85 (CP200 & CP300), 6MD86 (CP200 & CP300), and 6MD89 (CP300) prior to V9.90.
How can I mitigate the risk of CVE-2024-53648?
To mitigate CVE-2024-53648, users should upgrade their affected SIPROTEC 5 devices to versions that are V9.90 or higher.
What are the potential impacts of CVE-2024-53648?
The potential impacts of CVE-2024-53648 include unauthorized access to device functionalities and possible disruptions in service.
Is there a fix available for CVE-2024-53648?
Yes, the fix for CVE-2024-53648 is to update the affected SIPROTEC 5 devices to the latest available firmware version, V9.90 or higher.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/author
- agent/source
- agent/tags
- agent/event
- vendor/siemens
- canonical/siemens siprotec 5 6md84 (cp300)
- canonical/siemens siprotec 5 6md85 (cp200)
- canonical/siemens siprotec 5 6md85 (cp300)
- canonical/siemens siprotec 5 6md86
- canonical/siemens siprotec 5 6md89 (cp300)
- canonical/siemens siprotec 5 6mu85 (cp300)
- canonical/siemens siprotec 5 7ke85 (cp200)
- canonical/siemens siprotec 5 7ke85 (cp300)
- canonical/siemens siprotec 5 7sa82 (cp100)
- canonical/siemens siprotec 5 7sa82
- canonical/siemens siprotec 5 7sa86 (cp200)
- canonical/siemens siprotec 5 7sa86 (cp300)
- canonical/siemens siprotec 5 7sa87 (cp200)
- canonical/siemens siprotec 5 7sa87 (cp300)
- canonical/siemens siprotec 5 7sd82 (cp100)
- canonical/siemens siprotec 5 7sd82 (cp150)
- canonical/siemens siprotec 5 7sd86 (cp200)
- canonical/siemens siprotec 5 7sd86 (cp300)
- canonical/siemens siprotec 5 7sd87 (cp200)
- canonical/siemens siprotec 5 7sd87 (cp300)
- canonical/siemens siprotec 5 7sj81 (cp100)
- canonical/siemens siprotec 5 7sj81 (cp150)
- canonical/siemens siprotec 5 7sj82 (cp100)
- canonical/siemens siprotec 5 7sj82 (cp150)
- canonical/siemens siprotec 5 7sj85 (cp200)
- canonical/siemens siprotec 5 7sj85 (cp300)
- canonical/siemens siprotec 5 7sj86 (cp200)
- canonical/siemens siprotec 5 7sj86 (cp300)
- canonical/siemens siprotec 5 7sk82 (cp100)
- canonical/siemens siprotec 5 7sk82 (cp150)
- canonical/siemens siprotec 5 7sk85 (cp200)
- canonical/siemens siprotec 5 7sk85 (cp300)
- canonical/siemens siprotec 5 7sl82 (cp100)
- canonical/siemens siprotec 5 7sl82 (cp150)
- canonical/siemens siprotec 5 7sl86 (cp200)
- canonical/siemens siprotec 5 7sl86 (cp300)
- canonical/siemens siprotec 5 7sl87 (cp200)
- canonical/siemens siprotec 5 7sl87 (cp300)
- canonical/siemens siprotec 5 7ss85 (cp200)
- canonical/siemens siprotec 5 7ss85 (cp300)
- canonical/siemens siprotec 5 7st85 (cp200)
- canonical/siemens siprotec 5 7st85 (cp300)
- canonical/siemens siprotec 5 7st86 (cp300)
- canonical/siemens siprotec 5 7sx82 (cp150)
- canonical/siemens siprotec 5 7sx85 (cp300)
- canonical/siemens siprotec 5 7sy82 (cp150)
- canonical/siemens siprotec 5 7um85 (cp300)
- canonical/siemens siprotec 5 7ut82 (cp100)
- canonical/siemens siprotec 5 7ut82 (cp150)
- canonical/siemens siprotec 5 7ut85 (cp200)
- canonical/siemens siprotec 5 7ut85 (cp300)
- canonical/siemens siprotec 5 7ut86 (cp200)
- canonical/siemens siprotec 5 7ut86 (cp300)
- canonical/siemens siprotec 5 7ut87 (cp200)
- canonical/siemens siprotec 5 7ut87 (cp300)
- canonical/siemens siprotec 5 7ve85 (cp300)
- canonical/siemens siprotec 5 7vk87 (cp200)
- canonical/siemens siprotec 5 7vk87 (cp300)
- canonical/siemens siprotec 5 7vu85 (cp300)
- canonical/siemens siprotec 5 compact 7sx800