CVE-2025-40808

Vulnerability

A file upload vulnerability exists in SIPROTEC 5 devices across all versions, specifically affecting various CP models including CP100, CP150, CP200, and CP300. This vulnerability is exploitable by authenticated users through the DIGSI 5 protocol [1].

Exploitation

An authenticated attacker can exploit this vulnerability by uploading malicious configuration files using the DIGSI 5 protocol. The specific steps involve leveraging the file upload functionality within the protocol to introduce unauthorized files onto the device [1].

Impact

Successful exploitation of this vulnerability can lead to a permanent denial of service condition. By uploading malicious files, an attacker can disrupt the normal operation of the affected SIPROTEC 5 devices [1].

Mitigation

Siemens has released updated versions to address this vulnerability. For CP050 and CP150 device models, upgrade to version 9.90 or later. For CP300 device models, devices 7ST85 and 7ST86 should upgrade to version 10.00 or later, while other CP300 models should upgrade to version 9.90 or later. These versions include an allow-list feature to restrict arbitrary file uploads. Siemens is preparing further fix versions and recommends countermeasures for devices where fixes are not yet available [1].