CVE-2024-54015 Information
Description
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90) SIPROTEC 5 6MD85 (CP300) (All versions >= V8.80 < V9.90) SIPROTEC 5 6MD86 (CP300) (All versions >= V8.80 < V9.90) SIPROTEC 5 6MD89 (CP300) (All versions >= V8.80 < V9.90) SIPROTEC 5 6MU85 (CP300) (All versions >= V8.80 < V9.90) SIPROTEC 5 7KE85 (CP300) (All versions >= V8.80) SIPROTEC 5 7SA82 (CP150) (All versions < V9.90) SIPROTEC 5 7SA86 (CP300) (All versions >= V8.80 < V9.90) SIPROTEC 5 7SA87 (CP300) (All versions >= V8.80 < V9.90) SIPROTEC 5 7SD82 (CP150) (All versions < V9.90) SIPROTEC 5 7SD86 (CP300) (All versions >= V8.80 < V9.90) SIPROTEC 5 7SD87 (CP300) (All versions >= V8.80 < V9.90) SIPROTEC 5 7SJ81 (CP150) (All versions < V9.90) SIPROTEC 5 7SJ82 (CP150) (All versions < V9.90) SIPROTEC 5 7SJ85 (CP300) (All versions >= V8.80 < V9.90) SIPROTEC 5 7SJ86 (CP300) (All versions >= V8.80 < V9.90) SIPROTEC 5 7SK82 (CP150) (All versions < V9.90) SIPROTEC 5 7SK85 (CP300) (All versions >= V8.80 < V9.90) SIPROTEC 5 7SL82 (CP150) (All versions < V9.90) SIPROTEC 5 7SL86 (CP300) (All versions >= V8.80 < V9.90) SIPROTEC 5 7SL87 (CP300) (All versions >= V8.80 < V9.90) SIPROTEC 5 7SS85 (CP300) (All versions >= V8.80 < V9.90) SIPROTEC 5 7ST85 (CP300) (All versions >= V8.80) SIPROTEC 5 7ST86 (CP300) (All versions) SIPROTEC 5 7SX82 (CP150) (All versions < V9.90) SIPROTEC 5 7SX85 (CP300) (All versions >= V8.80 < V9.90) SIPROTEC 5 7SY82 (CP150) (All versions < V9.90) SIPROTEC 5 7UM85 (CP300) (All versions >= V8.80 < V9.90) SIPROTEC 5 7UT82 (CP150) (All versions < V9.90) SIPROTEC 5 7UT85 (CP300) (All versions >= V8.80 < V9.90) SIPROTEC 5 7UT86 (CP300) (All versions >= V8.80 < V9.90) SIPROTEC 5 7UT87 (CP300) (All versions >= V8.80 < V9.90) SIPROTEC 5 7VE85 (CP300) (All versions >= V8.80 < V9.90) SIPROTEC 5 7VK87 (CP300) (All versions >= V8.80 < V9.90) SIPROTEC 5 7VU85 (CP300) (All versions < V9.90) SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2) (All versions < V9.90) SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) (All versions < V9.90) SIPROTEC 5 Communication Module ETH-BD-2FO (All versions >= V8.80 < V9.90) SIPROTEC 5 Compact 7SX800 (CP050) (All versions >= V9.50 < V9.90). Affected devices do not properly validate SNMP GET requests. This could allow an unauthenticated remote attacker to retrieve sensitive information of the affected devices with SNMPv2 GET requests using default credentials.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Reference
https://cert-portal.siemens.com/productcert/html/ssa-767615.html
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
7.5
Related CNNVD
CNNVD-202512-578 (Published: 2025-12-04)
Share on: