<p>SIPROTEC 5 is vulnerable to arbitrary file uploads by authenticated
users using the DIGSI 5 protocol. This could allow an attacker to upload
malicious configuration files, potentially causing a permanent denial of
service condition.</p>
<p>As a mitigation measure, users of the CP050 and CP150 device models
are advised to upgrade to version 9.90 or later. For CP300 device
models, devices 7ST85 and 7ST86 are advised to upgrade to version 10.00
or later, while the remaining models should upgrade to version 9.90 or
later. These versions introduce an allow-list feature that restricts
arbitrary file uploads and reduces the risk associated with this
vulnerability.</p>
<p>Siemens is preparing fix versions and recommends specific
countermeasures for products where fixes are not, or not yet
available.</p>
Source link
