SSA-400089
Vulnerability from csaf_siemens - Published: 2025-08-12 00:00 - Updated: 2025-08-12 00:00Summary
SSA-400089: Denial of Service Vulnerability in SIPROTEC 4 and SIPROTEC 4 Compact
Notes
Summary: SIPROTEC 4 and SIPROTEC 4 Compact devices contain a vulnerability that could allow an unauthenticated remote attacker to cause a denial of service condition.
Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.
General Recommendations: Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. It is therefore recommended that the operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid's reliability can thus be minimized by virtue of the grid design.
Siemens strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment.
As a general security measure Siemens strongly recommends to protect network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to our operational guidelines in order to run the devices in a protected IT environment.
Recommended security guidelines can be found at:
https://www.siemens.com/gridsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
7.5 (High)
Affected products
Known affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SIPROTEC 4 6MD61
Siemens / SIPROTEC 4 6MD61
|
vers:all/* |
No Fix Planned
|
|
|
SIPROTEC 4 6MD63
Siemens / SIPROTEC 4 6MD63
|
vers:all/* |
No Fix Planned
|
|
|
SIPROTEC 4 6MD66
Siemens / SIPROTEC 4 6MD66
|
vers:all/* |
No Fix Planned
|
|
|
SIPROTEC 4 6MD665
Siemens / SIPROTEC 4 6MD665
|
vers:all/* |
No Fix Planned
|
|
|
SIPROTEC 4 7SA6
Siemens / SIPROTEC 4 7SA6
|
vers:intdot/<4.78 |
Vendor Fix
fix
|
|
|
SIPROTEC 4 7SA522
Siemens / SIPROTEC 4 7SA522
|
vers:all/* |
No Fix Planned
|
|
|
SIPROTEC 4 7SD5
Siemens / SIPROTEC 4 7SD5
|
vers:intdot/<4.78 |
Vendor Fix
fix
|
|
|
SIPROTEC 4 7SD610
Siemens / SIPROTEC 4 7SD610
|
vers:intdot/<4.78 |
Vendor Fix
fix
|
|
|
SIPROTEC 4 7SJ61
Siemens / SIPROTEC 4 7SJ61
|
vers:all/* |
No Fix Planned
|
|
|
SIPROTEC 4 7SJ62
Siemens / SIPROTEC 4 7SJ62
|
vers:all/* |
No Fix Planned
|
|
|
SIPROTEC 4 7SJ63
Siemens / SIPROTEC 4 7SJ63
|
vers:all/* |
No Fix Planned
|
|
|
SIPROTEC 4 7SJ64
Siemens / SIPROTEC 4 7SJ64
|
vers:all/* |
No Fix Planned
|
|
|
SIPROTEC 4 7SJ66
Siemens / SIPROTEC 4 7SJ66
|
vers:all/* |
None Available
|
|
|
SIPROTEC 4 7SS52
Siemens / SIPROTEC 4 7SS52
|
vers:all/* |
No Fix Planned
|
|
|
SIPROTEC 4 7ST6
Siemens / SIPROTEC 4 7ST6
|
vers:all/* |
No Fix Planned
|
|
|
SIPROTEC 4 7UM61
Siemens / SIPROTEC 4 7UM61
|
vers:all/* |
No Fix Planned
|
|
|
SIPROTEC 4 7UM62
Siemens / SIPROTEC 4 7UM62
|
vers:all/* |
No Fix Planned
|
|
|
SIPROTEC 4 7UT63
Siemens / SIPROTEC 4 7UT63
|
vers:all/* |
No Fix Planned
|
|
|
SIPROTEC 4 7UT612
Siemens / SIPROTEC 4 7UT612
|
vers:all/* |
No Fix Planned
|
|
|
SIPROTEC 4 7UT613
Siemens / SIPROTEC 4 7UT613
|
vers:all/* |
No Fix Planned
|
|
|
SIPROTEC 4 7VE6
Siemens / SIPROTEC 4 7VE6
|
vers:all/* |
No Fix Planned
|
|
|
SIPROTEC 4 7VK61
Siemens / SIPROTEC 4 7VK61
|
vers:all/* |
No Fix Planned
|
|
|
SIPROTEC 4 7VU683
Siemens / SIPROTEC 4 7VU683
|
vers:all/* |
No Fix Planned
|
|
|
SIPROTEC 4 Compact 7RW80
Siemens / SIPROTEC 4 Compact 7RW80
|
vers:all/* |
No Fix Planned
|
|
|
SIPROTEC 4 Compact 7SD80
Siemens / SIPROTEC 4 Compact 7SD80
|
vers:all/* |
No Fix Planned
|
|
|
SIPROTEC 4 Compact 7SJ80
Siemens / SIPROTEC 4 Compact 7SJ80
|
vers:all/* |
No Fix Planned
|
|
|
SIPROTEC 4 Compact 7SJ81
Siemens / SIPROTEC 4 Compact 7SJ81
|
vers:all/* |
No Fix Planned
|
|
|
SIPROTEC 4 Compact 7SK80
Siemens / SIPROTEC 4 Compact 7SK80
|
vers:all/* |
No Fix Planned
|
|
|
SIPROTEC 4 Compact 7SK81
Siemens / SIPROTEC 4 Compact 7SK81
|
vers:all/* |
No Fix Planned
|
References
2 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "SIPROTEC 4 and SIPROTEC 4 Compact devices contain a vulnerability that could allow an unauthenticated remote attacker to cause a denial of service condition.\n\nSiemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. It is therefore recommended that the operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid\u0027s reliability can thus be minimized by virtue of the grid design.\nSiemens strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment. \nAs a general security measure Siemens strongly recommends to protect network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to our operational guidelines in order to run the devices in a protected IT environment.\n\nRecommended security guidelines can be found at:\n\nhttps://www.siemens.com/gridsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-400089: Denial of Service Vulnerability in SIPROTEC 4 and SIPROTEC 4 Compact - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-400089.html"
},
{
"category": "self",
"summary": "SSA-400089: Denial of Service Vulnerability in SIPROTEC 4 and SIPROTEC 4 Compact - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-400089.json"
}
],
"title": "SSA-400089: Denial of Service Vulnerability in SIPROTEC 4 and SIPROTEC 4 Compact",
"tracking": {
"current_release_date": "2025-08-12T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-400089",
"initial_release_date": "2025-08-12T00:00:00Z",
"revision_history": [
{
"date": "2025-08-12T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "interim",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPROTEC 4 6MD61",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "SIPROTEC 4 6MD61"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPROTEC 4 6MD63",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "SIPROTEC 4 6MD63"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPROTEC 4 6MD66",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "SIPROTEC 4 6MD66"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPROTEC 4 6MD665",
"product_id": "4"
}
}
],
"category": "product_name",
"name": "SIPROTEC 4 6MD665"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c4.78",
"product": {
"name": "SIPROTEC 4 7SA6",
"product_id": "5"
}
}
],
"category": "product_name",
"name": "SIPROTEC 4 7SA6"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPROTEC 4 7SA522",
"product_id": "6"
}
}
],
"category": "product_name",
"name": "SIPROTEC 4 7SA522"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c4.78",
"product": {
"name": "SIPROTEC 4 7SD5",
"product_id": "7"
}
}
],
"category": "product_name",
"name": "SIPROTEC 4 7SD5"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c4.78",
"product": {
"name": "SIPROTEC 4 7SD610",
"product_id": "8"
}
}
],
"category": "product_name",
"name": "SIPROTEC 4 7SD610"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPROTEC 4 7SJ61",
"product_id": "9"
}
}
],
"category": "product_name",
"name": "SIPROTEC 4 7SJ61"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPROTEC 4 7SJ62",
"product_id": "10"
}
}
],
"category": "product_name",
"name": "SIPROTEC 4 7SJ62"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPROTEC 4 7SJ63",
"product_id": "11"
}
}
],
"category": "product_name",
"name": "SIPROTEC 4 7SJ63"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPROTEC 4 7SJ64",
"product_id": "12"
}
}
],
"category": "product_name",
"name": "SIPROTEC 4 7SJ64"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPROTEC 4 7SJ66",
"product_id": "13"
}
}
],
"category": "product_name",
"name": "SIPROTEC 4 7SJ66"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPROTEC 4 7SS52",
"product_id": "14"
}
}
],
"category": "product_name",
"name": "SIPROTEC 4 7SS52"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPROTEC 4 7ST6",
"product_id": "15"
}
}
],
"category": "product_name",
"name": "SIPROTEC 4 7ST6"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPROTEC 4 7UM61",
"product_id": "16"
}
}
],
"category": "product_name",
"name": "SIPROTEC 4 7UM61"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPROTEC 4 7UM62",
"product_id": "17"
}
}
],
"category": "product_name",
"name": "SIPROTEC 4 7UM62"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPROTEC 4 7UT63",
"product_id": "18"
}
}
],
"category": "product_name",
"name": "SIPROTEC 4 7UT63"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPROTEC 4 7UT612",
"product_id": "19"
}
}
],
"category": "product_name",
"name": "SIPROTEC 4 7UT612"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPROTEC 4 7UT613",
"product_id": "20"
}
}
],
"category": "product_name",
"name": "SIPROTEC 4 7UT613"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPROTEC 4 7VE6",
"product_id": "21"
}
}
],
"category": "product_name",
"name": "SIPROTEC 4 7VE6"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPROTEC 4 7VK61",
"product_id": "22"
}
}
],
"category": "product_name",
"name": "SIPROTEC 4 7VK61"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPROTEC 4 7VU683",
"product_id": "23"
}
}
],
"category": "product_name",
"name": "SIPROTEC 4 7VU683"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPROTEC 4 Compact 7RW80",
"product_id": "24"
}
}
],
"category": "product_name",
"name": "SIPROTEC 4 Compact 7RW80"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPROTEC 4 Compact 7SD80",
"product_id": "25"
}
}
],
"category": "product_name",
"name": "SIPROTEC 4 Compact 7SD80"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPROTEC 4 Compact 7SJ80",
"product_id": "26"
}
}
],
"category": "product_name",
"name": "SIPROTEC 4 Compact 7SJ80"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPROTEC 4 Compact 7SJ81",
"product_id": "27"
}
}
],
"category": "product_name",
"name": "SIPROTEC 4 Compact 7SJ81"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPROTEC 4 Compact 7SK80",
"product_id": "28"
}
}
],
"category": "product_name",
"name": "SIPROTEC 4 Compact 7SK80"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPROTEC 4 Compact 7SK81",
"product_id": "29"
}
}
],
"category": "product_name",
"name": "SIPROTEC 4 Compact 7SK81"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-52504",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "summary",
"text": "Affected devices do not properly handle interrupted operations of file transfer. This could allow an unauthenticated remote attacker to cause a denial of service condition. To restore normal operations, the devices need to be restarted.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26",
"27",
"28",
"29"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"1",
"2",
"3",
"4",
"6",
"9",
"10",
"11",
"12",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26",
"27",
"28",
"29"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"13"
]
},
{
"category": "vendor_fix",
"details": "Update to V4.78 or later version",
"product_ids": [
"5"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109743560/"
},
{
"category": "vendor_fix",
"details": "Update to V4.78 or later version",
"product_ids": [
"7"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109743563/"
},
{
"category": "vendor_fix",
"details": "Update to V4.78 or later version",
"product_ids": [
"8"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109743573/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"24",
"25",
"26",
"27",
"28",
"29"
]
}
],
"title": "CVE-2024-52504"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…