Sign-up

ID

VAR-202502-0263


CVE

CVE-2024-54015


TITLE

Siemens SIPROTEC 5 Devices Information Disclosure Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-15366

DESCRIPTION

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD89 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD89 (CP300) V9.6x (All versions < V9.68), SIPROTEC 5 6MU85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7KE85 (CP300) (All versions >= V8.80 < V10.0), SIPROTEC 5 7SA82 (CP150) (All versions < V9.90), SIPROTEC 5 7SA86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SA87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SD82 (CP150) (All versions < V9.90), SIPROTEC 5 7SD86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SD87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.90), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.90), SIPROTEC 5 7SJ85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SJ86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SK82 (CP150) (All versions < V9.90), SIPROTEC 5 7SK85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SL82 (CP150) (All versions < V9.90), SIPROTEC 5 7SL86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SL87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SS85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7ST85 (CP300) (All versions >= V8.80 < V10.0), SIPROTEC 5 7ST85 (CP300) V9.6x (All versions < V9.68), SIPROTEC 5 7ST86 (CP300) (All versions < V10.0), SIPROTEC 5 7ST86 (CP300) V9.8x (All versions < V9.83), SIPROTEC 5 7SX82 (CP150) (All versions < V9.90), SIPROTEC 5 7SX85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SY82 (CP150) (All versions < V9.90), SIPROTEC 5 7UM85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT82 (CP150) (All versions < V9.90), SIPROTEC 5 7UT85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VE85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VK87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VU85 (CP300) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2) V9.6 (All versions < V9.68), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2) V9.8 (All versions < V9.83), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) V9.6 (All versions < V9.68), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) V9.8 (All versions < V9.83), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions >= V8.80 < V9.90), SIPROTEC 5 Communication Module ETH-BD-2FO V9.6 (All versions < V9.68), SIPROTEC 5 Communication Module ETH-BD-2FO V9.8 (All versions < V9.83), SIPROTEC 5 Compact 7SX800 (CP050) (All versions >= V9.50 < V9.90). Affected devices do not properly validate SNMP GET requests. This could allow an unauthenticated, remote attacker to retrieve sensitive information of the affected devices with SNMPv2 GET requests using default credentials. SIPROTEC 5 Devices provide a range of integrated protection, control, measurement and automation functions for substations and other application areas

Trust: 1.44

sources: NVD: CVE-2024-54015 // CNVD: CNVD-2025-15366

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-15366

AFFECTED PRODUCTS

vendor:siemensmodel:siprotec cp300 devicesscope:eqversion:5-

Trust: 0.6

vendor:siemensmodel:siprotec cp150 devicesscope:eqversion:5-

Trust: 0.6

vendor:siemensmodel:siprotec cp050 devicesscope:eqversion:5-

Trust: 0.6

sources: CNVD: CNVD-2025-15366

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2024-54015
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-15366
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-15366
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com: CVE-2024-54015
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-15366 // NVD: CVE-2024-54015

PROBLEMTYPE DATA

problemtype:CWE-1392

Trust: 1.0

sources: NVD: CVE-2024-54015

EXTERNAL IDS

db:NVDid:CVE-2024-54015

Trust: 1.6

db:SIEMENSid:SSA-767615

Trust: 1.6

db:CNVDid:CNVD-2025-15366

Trust: 0.6

sources: CNVD: CNVD-2025-15366 // NVD: CVE-2024-54015

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-767615.html

Trust: 1.6

url:http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2024-54015

Trust: 0.6

sources: CNVD: CNVD-2025-15366 // NVD: CVE-2024-54015

SOURCES

db:CNVDid:CNVD-2025-15366
db:NVDid:CVE-2024-54015

LAST UPDATE DATE

2025-08-12T23:26:49.081000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-15366date:2025-07-09T00:00:00
db:NVDid:CVE-2024-54015date:2025-08-12T12:15:34.200

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-15366date:2025-02-11T00:00:00
db:NVDid:CVE-2024-54015date:2025-02-11T11:15:15.227