CVE-2022-45044
Description
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.50), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.50), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.50), SIPROTEC 5 6MD89 (CP300) (All versions < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions < V9.50), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.64), SIPROTEC 5 7SA82 (CP100) (All versions < V8.90), SIPROTEC 5 7SA82 (CP150) (All versions < V9.50), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.50), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.50), SIPROTEC 5 7SD82 (CP100) (All versions < V8.90), SIPROTEC 5 7SD82 (CP150) (All versions < V9.50), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.50), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.50), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.50), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.50), SIPROTEC 5 7SL82 (CP100) (All versions < V8.90), SIPROTEC 5 7SL82 (CP150) (All versions < V9.50), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.50), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.50), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.50), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions < V9.64), SIPROTEC 5 7SX82 (CP150) (All versions < V9.50), SIPROTEC 5 7SX85 (CP300) (All versions < V9.50), SIPROTEC 5 7UM85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT82 (CP100) (All versions < V8.90), SIPROTEC 5 7UT82 (CP150) (All versions < V9.50), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.50), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.50), SIPROTEC 5 7VE85 (CP300) (All versions < V9.50), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.50), SIPROTEC 5 7VU85 (CP300) (All versions < V9.50), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.50), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.50). Affected devices do not properly restrict secure client-initiated renegotiations within the SSL and TLS protocols. This could allow an attacker to create a denial of service condition on the ports 443/tcp and 4443/tcp for the duration of the attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A vulnerability in Siemens SIPROTEC 5 devices could allow an attacker to cause a denial of service or execute arbitrary code.
Vulnerability
The vulnerability affects multiple Siemens SIPROTEC 5 devices with specific CP variants and firmware versions. The exact nature is not disclosed in the available references, but it resides in the device firmware and may be triggered via network communication. Affected versions include all versions before V9.50 for many CP300 devices, before V9.64 for some, before V8.90 for CP100 devices, etc. [1]
Exploitation
An attacker with network access to the affected device could potentially exploit this vulnerability. The required privileges and user interaction are not specified in the available references. [1]
Impact
Successful exploitation could lead to arbitrary code execution or denial of service, potentially compromising the device's functionality. The exact impact is not detailed in the available references. [1]
Mitigation
Siemens has released firmware updates for most affected devices. For CP300 devices, the fix version is V9.50 or V9.64 depending on the model. For CP100 devices, the fix version is V8.90 or later. Some devices like SIPROTEC 5 7SA82 (CP100) initially had no fix but were later addressed in V1.5 of the advisory. Users should update to the latest firmware version as specified in the advisory. [1]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
660+ 27 more
- (no CPE)range: 0
- (no CPE)range: 0
- (no CPE)range: 0
- (no CPE)range: 0
- (no CPE)range: 0
- (no CPE)range: 0
- (no CPE)range: 0
- (no CPE)range: 0
- (no CPE)range: 0
- (no CPE)range: 0
- (no CPE)range: 0
- (no CPE)range: 0
- (no CPE)range: 0
- (no CPE)range: 0
- (no CPE)range: 0
- (no CPE)range: 0
- (no CPE)range: 0
- (no CPE)range: 0
- (no CPE)range: 0
- (no CPE)range: 0
- (no CPE)range: 0
- (no CPE)range: 0
- (no CPE)range: 0
- (no CPE)range: 0
- (no CPE)range: 0
- (no CPE)range: 0
- (no CPE)range: 0
- (no CPE)range: 0
- Siemens/SIPROTEC 5 7KE85 (CP200)v5Range: 0
- Siemens/SIPROTEC 5 7SA82 (CP100)v5Range: 0
- Siemens/SIPROTEC 5 7SA82 (CP150)v5Range: 0
- Siemens/SIPROTEC 5 7SA84 (CP200)v5Range: 0
- Siemens/SIPROTEC 5 7SA86 (CP200)v5Range: 0
- Siemens/SIPROTEC 5 7SA87 (CP200)v5Range: 0
- Siemens/SIPROTEC 5 7SD82 (CP100)v5Range: 0
- Siemens/SIPROTEC 5 7SD82 (CP150)v5Range: 0
- Siemens/SIPROTEC 5 7SD84 (CP200)v5Range: 0
- Siemens/SIPROTEC 5 7SD86 (CP200)v5Range: 0
- Siemens/SIPROTEC 5 7SD87 (CP200)v5Range: 0
- Siemens/SIPROTEC 5 7SJ81 (CP100)v5Range: 0
- Siemens/SIPROTEC 5 7SJ81 (CP150)v5Range: 0
- Siemens/SIPROTEC 5 7SJ82 (CP100)v5Range: 0
- Siemens/SIPROTEC 5 7SJ82 (CP150)v5Range: 0
- Siemens/SIPROTEC 5 7SJ85 (CP200)v5Range: 0
- Siemens/SIPROTEC 5 7SJ86 (CP200)v5Range: 0
- Siemens/SIPROTEC 5 7SK82 (CP100)v5Range: 0
- Siemens/SIPROTEC 5 7SK82 (CP150)v5Range: 0
- Siemens/SIPROTEC 5 7SK85 (CP200)v5Range: 0
- Siemens/SIPROTEC 5 7SL82 (CP100)v5Range: 0
- Siemens/SIPROTEC 5 7SL82 (CP150)v5Range: 0
- Siemens/SIPROTEC 5 7SL86 (CP200)v5Range: 0
- Siemens/SIPROTEC 5 7SL87 (CP200)v5Range: 0
- Siemens/SIPROTEC 5 7SS85 (CP200)v5Range: 0
- Siemens/SIPROTEC 5 7ST85 (CP200)v5Range: 0
- Siemens/SIPROTEC 5 7SX82 (CP150)v5Range: 0
- Siemens/SIPROTEC 5 7UT82 (CP100)v5Range: 0
- Siemens/SIPROTEC 5 7UT82 (CP150)v5Range: 0
- Siemens/SIPROTEC 5 7UT85 (CP200)v5Range: 0
- Siemens/SIPROTEC 5 7UT86 (CP200)v5Range: 0
- Siemens/SIPROTEC 5 7UT87 (CP200)v5Range: 0
- Siemens/SIPROTEC 5 7VK87 (CP200)v5Range: 0
- Siemens/SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1)v5Range: 0
- Siemens/SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1)v5Range: 0
- Siemens/SIPROTEC 5 Communication Module ETH-BD-2FOv5Range: 0
- Range: 0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.