VYPR
Unrated severity · NVD Advisory · Published Apr 11, 2023 · Updated Nov 11, 2025

CVE-2023-28766

Description

A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA82 (CP100) (All versions < V8.90), SIPROTEC 5 7SA82 (CP150) (All versions < V9.40), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD82 (CP100) (All versions < V8.90), SIPROTEC 5 7SD82 (CP150) (All versions < V9.40), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.40), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL82 (CP100) (All versions < V8.90), SIPROTEC 5 7SL82 (CP150) (All versions < V9.40), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7ST85 (CP300) (All versions >= V7.80 < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SX82 (CP150) (All versions < V9.40), SIPROTEC 5 7SX85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT82 (CP100) (All versions < V8.90), SIPROTEC 5 7UT82 (CP150) (All versions < V9.40), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V9.40), 
SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V9.40 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V9.40 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.40), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.40). Affected devices lack proper validation of HTTP request parameters of the hosted web service. An unauthenticated remote attacker could send specially crafted packets that could cause a denial of service condition on the target device.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An improper input validation vulnerability in Siemens SIPROTEC 5 devices may allow unauthenticated remote attackers to cause a denial of service via crafted packets.

Vulnerability

An improper input validation vulnerability has been identified in multiple Siemens SIPROTEC 5 protection and automation devices [1]. Affected models include CP300 devices with versions >= V7.80 and < V9.40 (some < V9.64), CP150 devices with versions < V9.40, and CP100 devices with versions < V8.89, V8.90, or V9.40 depending on the model. The vulnerability stems from insufficient validation of HTTP request parameters by the web service hosted on the device, allowing crafted packets to trigger a denial-of-service condition. The official description does not specify the exact function affected, but the advisory indicates that exploitation requires network access to the device [1].

Exploitation

To exploit this vulnerability, an attacker must have network access to the affected SIPROTEC 5 device and the ability to send specially crafted packets [1]. No authentication is required: the description states that an unauthenticated remote attacker can trigger the condition. The exact sequence of steps is not detailed in available references, but it involves sending specially crafted packets to the web service hosted on the device, which subsequently causes the device to become unresponsive [1].

Impact

Successful exploitation of this vulnerability leads to a denial-of-service condition, rendering the affected SIPROTEC 5 device unresponsive [1]. This could disrupt protection, control, and monitoring functions in electrical substations and industrial networks, potentially affecting the reliability of power systems. The impact is limited to availability; there is no indication of data compromise or privilege escalation [1].

Mitigation

Siemens has released firmware updates for many affected models [1]. Fixed versions include: SIPROTEC 5 6MD89 (CP300) and 7ST85 (CP300) at V9.64; 7SJ81/82 (CP100) at V8.89; 7SK82 (CP100) at V8.89; 7SA82/7SD82/7SL82/7UT82 (CP100) at V8.90; and most other CP300 and CP150 devices at V9.40. Some CP100 devices have no fix currently available. General security recommendations include restricting network access to the devices and applying defense-in-depth measures. This vulnerability is not listed in the known exploited vulnerabilities (KEV) catalog as of the latest update [1].

References
  1. SSA-322980

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

45
  • Range: >=7.80 <9.40
  • Siemens/SIPROTEC 5 7SA82 (CP100)v5
    Range: 0
  • Siemens/SIPROTEC 5 7SA82 (CP150)v5
    Range: 0
  • Siemens/SIPROTEC 5 7SD82 (CP100)v5
    Range: 0
  • Siemens/SIPROTEC 5 7SD82 (CP150)v5
    Range: 0
  • Siemens/SIPROTEC 5 7SJ81 (CP100)v5
    Range: 0
  • Siemens/SIPROTEC 5 7SJ81 (CP150)v5
    Range: 0
  • Siemens/SIPROTEC 5 7SJ82 (CP100)v5
    Range: 0
  • Siemens/SIPROTEC 5 7SJ82 (CP150)v5
    Range: 0
  • Siemens/SIPROTEC 5 7SK82 (CP100)v5
    Range: 0
  • Siemens/SIPROTEC 5 7SK82 (CP150)v5
    Range: 0
  • Siemens/SIPROTEC 5 7SL82 (CP100)v5
    Range: 0
  • Siemens/SIPROTEC 5 7SL82 (CP150)v5
    Range: 0
  • Siemens/SIPROTEC 5 7SX82 (CP150)v5
    Range: 0
  • Siemens/SIPROTEC 5 7UT82 (CP100)v5
    Range: 0
  • Siemens/SIPROTEC 5 7UT82 (CP150)v5
    Range: 0
  • Siemens/SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1)v5
    Range: 0
  • Siemens/SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1)v5
    Range: 0
  • Siemens/SIPROTEC 5 Communication Module ETH-BD-2FOv5
    Range: 0
