cve-2024-54015
Vulnerability from cvelistv5
Published
2025-02-11 10:28
Modified
2025-05-13 09:38
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD89 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MU85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7KE85 (CP300) (All versions >= V8.80), SIPROTEC 5 7SA82 (CP150) (All versions < V9.90), SIPROTEC 5 7SA86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SA87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SD82 (CP150) (All versions < V9.90), SIPROTEC 5 7SD86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SD87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.90), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.90), SIPROTEC 5 7SJ85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SJ86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SK82 (CP150) (All versions < V9.90), SIPROTEC 5 7SK85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SL82 (CP150) (All versions < V9.90), SIPROTEC 5 7SL86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SL87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SS85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7ST85 (CP300) (All versions >= V8.80 < V9.68), SIPROTEC 5 7ST86 (CP300) (All versions < V9.83), SIPROTEC 5 7SX82 (CP150) (All versions < V9.90), SIPROTEC 5 7SX85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SY82 (CP150) (All versions < V9.90), SIPROTEC 5 7UM85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT82 (CP150) (All versions < V9.90), SIPROTEC 5 7UT85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VE85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VK87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VU85 (CP300) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions >= V8.80 < V9.90), SIPROTEC 5 Compact 7SX800 (CP050) (All versions >= V9.50 < V9.90). Affected devices do not properly validate SNMP GET requests. This could allow an unauthenticated, remote attacker to retrieve sensitive information of the affected devices with SNMPv2 GET requests using default credentials.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-54015", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-11T14:31:44.397617Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-11T14:32:02.503Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "SIPROTEC 5 6MD84 (CP300)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 6MD85 (CP300)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "V8.80", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 6MD86 (CP300)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "V8.80", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 6MD89 (CP300)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "V8.80", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 6MU85 (CP300)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "V8.80", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 7KE85 (CP300)", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "V8.80", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 7SA82 (CP150)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 7SA86 (CP300)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "V8.80", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 7SA87 (CP300)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "V8.80", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 7SD82 (CP150)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 7SD86 (CP300)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "V8.80", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 7SD87 (CP300)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "V8.80", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 7SJ81 (CP150)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 7SJ82 (CP150)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 7SJ85 (CP300)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "V8.80", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 7SJ86 (CP300)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "V8.80", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 7SK82 (CP150)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 7SK85 (CP300)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "V8.80", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 7SL82 (CP150)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 7SL86 (CP300)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "V8.80", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 7SL87 (CP300)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "V8.80", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 7SS85 (CP300)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "V8.80", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 7ST85 (CP300)", vendor: "Siemens", versions: [ { lessThan: "V9.68", status: "affected", version: "V8.80", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 7ST86 (CP300)", vendor: "Siemens", versions: [ { lessThan: "V9.83", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 7SX82 (CP150)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 7SX85 (CP300)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "V8.80", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 7SY82 (CP150)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 7UM85 (CP300)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "V8.80", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 7UT82 (CP150)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 7UT85 (CP300)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "V8.80", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 7UT86 (CP300)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "V8.80", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 7UT87 (CP300)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "V8.80", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 7VE85 (CP300)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "V8.80", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 7VK87 (CP300)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "V8.80", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 7VU85 (CP300)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 Communication Module ETH-BD-2FO", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "V8.80", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIPROTEC 5 Compact 7SX800 (CP050)", vendor: "Siemens", versions: [ { lessThan: "V9.90", status: "affected", version: "V9.50", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD89 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MU85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7KE85 (CP300) (All versions >= V8.80), SIPROTEC 5 7SA82 (CP150) (All versions < V9.90), SIPROTEC 5 7SA86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SA87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SD82 (CP150) (All versions < V9.90), SIPROTEC 5 7SD86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SD87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.90), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.90), SIPROTEC 5 7SJ85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SJ86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SK82 (CP150) (All versions < V9.90), SIPROTEC 5 7SK85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SL82 (CP150) (All versions < V9.90), SIPROTEC 5 7SL86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SL87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SS85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7ST85 (CP300) (All versions >= V8.80 < V9.68), SIPROTEC 5 7ST86 (CP300) (All versions < V9.83), SIPROTEC 5 7SX82 (CP150) (All versions < V9.90), SIPROTEC 5 7SX85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SY82 (CP150) (All versions < V9.90), SIPROTEC 5 7UM85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT82 (CP150) (All versions < V9.90), SIPROTEC 5 7UT85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VE85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VK87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VU85 (CP300) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions >= V8.80 < V9.90), SIPROTEC 5 Compact 7SX800 (CP050) (All versions >= V9.50 < V9.90). Affected devices do not properly validate SNMP GET requests. This could allow an unauthenticated, remote attacker to retrieve sensitive information of the affected devices with SNMPv2 GET requests using default credentials.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, }, { cvssV4_0: { baseScore: 8.7, baseSeverity: "HIGH", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1392", description: "CWE-1392: Use of Default Credentials", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-05-13T09:38:27.196Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-767615.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-54015", datePublished: "2025-02-11T10:28:58.684Z", dateReserved: "2024-11-27T09:14:02.059Z", dateUpdated: "2025-05-13T09:38:27.196Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2024-54015\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2025-02-11T11:15:15.227\",\"lastModified\":\"2025-05-13T10:15:22.143\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD89 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MU85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7KE85 (CP300) (All versions >= V8.80), SIPROTEC 5 7SA82 (CP150) (All versions < V9.90), SIPROTEC 5 7SA86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SA87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SD82 (CP150) (All versions < V9.90), SIPROTEC 5 7SD86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SD87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.90), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.90), SIPROTEC 5 7SJ85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SJ86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SK82 (CP150) (All versions < V9.90), SIPROTEC 5 7SK85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SL82 (CP150) (All versions < V9.90), SIPROTEC 5 7SL86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SL87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SS85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7ST85 (CP300) (All versions >= V8.80 < V9.68), SIPROTEC 5 7ST86 (CP300) (All versions < V9.83), SIPROTEC 5 7SX82 (CP150) (All versions < V9.90), SIPROTEC 5 7SX85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SY82 (CP150) (All versions < V9.90), SIPROTEC 5 7UM85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT82 (CP150) (All versions < V9.90), SIPROTEC 5 7UT85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VE85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VK87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VU85 (CP300) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions >= V8.80 < V9.90), SIPROTEC 5 Compact 7SX800 (CP050) (All versions >= V9.50 < V9.90). Affected devices do not properly validate SNMP GET requests. This could allow an unauthenticated, remote attacker to retrieve sensitive information of the affected devices with SNMPv2 GET requests using default credentials.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en SIPROTEC 5 6MD84 (CP300) (Todas las versiones < V9.90), SIPROTEC 5 6MD85 (CP300) (Todas las versiones >= V8.80 < V9.90), SIPROTEC 5 6MD86 (CP300) (Todas las versiones >= V8.80 < V9.90), SIPROTEC 5 6MD89 (CP300) (Todas las versiones >= V8.80 < V9.90), SIPROTEC 5 6MU85 (CP300) (Todas las versiones >= V8.80 < V9.90), SIPROTEC 5 7KE85 (CP300) (Todas las versiones >= V8.80), SIPROTEC 5 7SA82 (CP150) (Todas las versiones < V9.90), SIPROTEC 5 7SA86 (CP300) (Todas las versiones >= V8.80 < V9.90), SIPROTEC 5 7SA87 (CP300) (Todas las versiones >= V8.80 < V9.90), SIPROTEC 5 7SD82 (CP150) (Todas las versiones < V9.90), SIPROTEC 5 7SD86 (CP300) (Todas las versiones >= V8.80 < V9.90), SIPROTEC 5 7SD87 (CP300) (Todas las versiones >= V8.80 < V9.90), SIPROTEC 5 7SJ81 (CP150) (Todas las versiones < V9.90), SIPROTEC 5 7SJ82 (CP150) (Todas las versiones < V9.90), SIPROTEC 5 7SJ85 (CP300) (Todas las versiones >= V8.80 < V9.90), SIPROTEC 5 7SJ86 (CP300) (Todas las versiones >= V8.80 < V9.90), SIPROTEC 5 7SK82 (CP150) (Todas las versiones < V9.90), SIPROTEC 5 7SK85 (CP300) (Todas las versiones >= V8.80 < V9.90), SIPROTEC 5 7SL82 (CP150) (Todas las versiones < V9.90), SIPROTEC 5 7SL86 (CP300) (Todas las versiones >= V8.80 < V9.90), SIPROTEC 5 7SL87 (CP300) (Todas las versiones >= V8.80 < V9.90), SIPROTEC 5 7SS85 (CP300) (Todas las versiones >= V8.80 < V9.90), SIPROTEC 5 7ST85 (CP300) (Todas las versiones >= V8.80), SIPROTEC 5 7ST86 (CP300) (Todas las versiones), SIPROTEC 5 7SX82 (CP150) (Todas las versiones < V9.90), SIPROTEC 5 7SX85 (CP300) (Todas las versiones >= V8.80 < V9.90), SIPROTEC 5 7SY82 (CP150) (Todas las versiones < V9.90), SIPROTEC 5 7UM85 (CP300) (Todas las versiones >= V8.80 < V9.90), SIPROTEC 5 7UT82 (CP150) (Todas las versiones < V9.90), SIPROTEC 5 7UT85 (CP300) (Todas las versiones >= V8.80 < V9.90), SIPROTEC 5 7UT86 (CP300) (Todas las versiones >= V8.80 < V9.90), SIPROTEC 5 7UT87 (CP300) (Todas las versiones >= V8.80 < V9.90), SIPROTEC 5 7VE85 (CP300) (Todas las versiones >= V8.80 < V9.90), SIPROTEC 5 7VK87 (CP300) (Todas las versiones >= V8.80 < V9.90), SIPROTEC 5 7VU85 (CP300) (Todas las versiones < V9.90), SIPROTEC 5 Módulo de comunicación ETH-BA-2EL (Rev.2) (Todas las versiones < V9.90), SIPROTEC 5 Módulo de comunicación ETH-BB-2FO (Rev. 2) (Todas las versiones < V9.90), SIPROTEC 5 Módulo de comunicación ETH-BD-2FO (Todas las versiones >= V8.80 < V9.90), SIPROTEC 5 Compact 7SX800 (CP050) (Todas las versiones >= V9.50 < V9.90). Los dispositivos afectados no validan correctamente las solicitudes SNMP GET. Esto podría permitir que un atacante remoto no autenticado recupere información confidencial de los dispositivos afectados con solicitudes SNMPv2 GET utilizando credenciales predeterminadas.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1392\"}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-767615.html\",\"source\":\"productcert@siemens.com\"}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-54015\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-11T14:31:44.397617Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-11T14:31:55.540Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C\"}}, {\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.7, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N\"}}], \"affected\": [{\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 6MD84 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 6MD85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V8.80\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 6MD86 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V8.80\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 6MD89 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V8.80\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 6MU85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V8.80\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7KE85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V8.80\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SA82 (CP150)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SA86 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V8.80\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SA87 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V8.80\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SD82 (CP150)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SD86 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V8.80\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SD87 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V8.80\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SJ81 (CP150)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SJ82 (CP150)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SJ85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V8.80\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SJ86 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V8.80\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SK82 (CP150)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SK85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V8.80\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SL82 (CP150)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SL86 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V8.80\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SL87 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V8.80\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SS85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V8.80\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7ST85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V8.80\", \"lessThan\": \"V9.68\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7ST86 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.83\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SX82 (CP150)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SX85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V8.80\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7SY82 (CP150)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7UM85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V8.80\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7UT82 (CP150)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7UT85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V8.80\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7UT86 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V8.80\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7UT87 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V8.80\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7VE85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V8.80\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7VK87 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V8.80\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 7VU85 (CP300)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 Communication Module ETH-BD-2FO\", \"versions\": [{\"status\": \"affected\", \"version\": \"V8.80\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPROTEC 5 Compact 7SX800 (CP050)\", \"versions\": [{\"status\": \"affected\", \"version\": \"V9.50\", \"lessThan\": \"V9.90\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-767615.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD89 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MU85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7KE85 (CP300) (All versions >= V8.80), SIPROTEC 5 7SA82 (CP150) (All versions < V9.90), SIPROTEC 5 7SA86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SA87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SD82 (CP150) (All versions < V9.90), SIPROTEC 5 7SD86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SD87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.90), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.90), SIPROTEC 5 7SJ85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SJ86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SK82 (CP150) (All versions < V9.90), SIPROTEC 5 7SK85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SL82 (CP150) (All versions < V9.90), SIPROTEC 5 7SL86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SL87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SS85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7ST85 (CP300) (All versions >= V8.80 < V9.68), SIPROTEC 5 7ST86 (CP300) (All versions < V9.83), SIPROTEC 5 7SX82 (CP150) (All versions < V9.90), SIPROTEC 5 7SX85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SY82 (CP150) (All versions < V9.90), SIPROTEC 5 7UM85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT82 (CP150) (All versions < V9.90), SIPROTEC 5 7UT85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VE85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VK87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VU85 (CP300) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions >= V8.80 < V9.90), SIPROTEC 5 Compact 7SX800 (CP050) (All versions >= V9.50 < V9.90). Affected devices do not properly validate SNMP GET requests. This could allow an unauthenticated, remote attacker to retrieve sensitive information of the affected devices with SNMPv2 GET requests using default credentials.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1392\", \"description\": \"CWE-1392: Use of Default Credentials\"}]}], \"providerMetadata\": {\"orgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"shortName\": \"siemens\", \"dateUpdated\": \"2025-05-13T09:38:27.196Z\"}}}", cveMetadata: "{\"cveId\": \"CVE-2024-54015\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-13T09:38:27.196Z\", \"dateReserved\": \"2024-11-27T09:14:02.059Z\", \"assignerOrgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"datePublished\": \"2025-02-11T10:28:58.684Z\", \"assignerShortName\": \"siemens\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.