CVE-2025-40570
CVE-2025-40570
Vexday Risk Score
8Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 2.4EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
12 ago 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V10.0), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SA82 (CP150) (All versions < V10.0), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SD82 (CP150) (All versions < V10.0), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SJ81 (CP150) (All versions < V10.0), SIPROTEC 5 7SJ82 (CP150) (All versions < V10.0), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SK82 (CP150) (All versions < V10.0), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SL82 (CP150) (All versions < V10.0), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7ST85 (CP300) (All versions < V10.0), SIPROTEC 5 7ST86 (CP300) (All versions < V10.0), SIPROTEC 5 7SX82 (CP150) (All versions < V10.0), SIPROTEC 5 7SX85 (CP300) (All versions < V10.0), SIPROTEC 5 7SY82 (CP150) (All versions < V10.0), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT82 (CP150) (All versions < V10.0), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VU85 (CP300) (All versions < V10.0), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V10.0). Affected devices do not properly limit the bandwidth for incoming network packets over their local USB port. This could allow an attacker with physical access to send specially crafted packets with high bandwidth to the affected devices thus forcing them to exhaust their memory and stop responding to any network traffic via the local USB port. Affected devices reset themselves automatically after a successful attack. The protection function is not affected of this vulnerability.
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Productos afectados
Siemens · SIPROTEC 5 6MD84 (CP300)Siemens · SIPROTEC 5 6MD85 (CP300)Siemens · SIPROTEC 5 6MD86 (CP300)Siemens · SIPROTEC 5 6MD89 (CP300)Siemens · SIPROTEC 5 6MU85 (CP300)Siemens · SIPROTEC 5 7KE85 (CP300)Siemens · SIPROTEC 5 7SA82 (CP150)Siemens · SIPROTEC 5 7SA86 (CP300)Siemens · SIPROTEC 5 7SA87 (CP300)Siemens · SIPROTEC 5 7SD82 (CP150)Siemens · SIPROTEC 5 7SD86 (CP300)Siemens · SIPROTEC 5 7SD87 (CP300)Siemens · SIPROTEC 5 7SJ81 (CP150)Siemens · SIPROTEC 5 7SJ82 (CP150)Siemens · SIPROTEC 5 7SJ85 (CP300)Siemens · SIPROTEC 5 7SJ86 (CP300)Siemens · SIPROTEC 5 7SK82 (CP150)Siemens · SIPROTEC 5 7SK85 (CP300)Siemens · SIPROTEC 5 7SL82 (CP150)Siemens · SIPROTEC 5 7SL86 (CP300)Siemens · SIPROTEC 5 7SL87 (CP300)Siemens · SIPROTEC 5 7SS85 (CP300)Siemens · SIPROTEC 5 7ST85 (CP300)Siemens · SIPROTEC 5 7ST86 (CP300)Siemens · SIPROTEC 5 7SX82 (CP150)Siemens · SIPROTEC 5 7SX85 (CP300)Siemens · SIPROTEC 5 7SY82 (CP150)Siemens · SIPROTEC 5 7UM85 (CP300)Siemens · SIPROTEC 5 7UT82 (CP150)Siemens · SIPROTEC 5 7UT85 (CP300)Siemens · SIPROTEC 5 7UT86 (CP300)Siemens · SIPROTEC 5 7UT87 (CP300)Siemens · SIPROTEC 5 7VE85 (CP300)Siemens · SIPROTEC 5 7VK87 (CP300)Siemens · SIPROTEC 5 7VU85 (CP300)Siemens · SIPROTEC 5 Compact 7SX800 (CP050)