ID
VAR-202508-0348
CVE
CVE-2025-40570
TITLE
Siemens SIPROTEC 5 Compact 7SX800 (CP050) Local USB Port Network Packet Bandwidth Limit Improper Vulnerability
Trust: 0.6
DESCRIPTION
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V10.0), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SA82 (CP150) (All versions < V10.0), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SD82 (CP150) (All versions < V10.0), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SJ81 (CP150) (All versions < V10.0), SIPROTEC 5 7SJ82 (CP150) (All versions < V10.0), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SK82 (CP150) (All versions < V10.0), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SL82 (CP150) (All versions < V10.0), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7ST85 (CP300) (All versions < V10.0), SIPROTEC 5 7ST86 (CP300) (All versions < V10.0), SIPROTEC 5 7SX82 (CP150) (All versions < V10.0), SIPROTEC 5 7SX85 (CP300) (All versions < V10.0), SIPROTEC 5 7SY82 (CP150) (All versions < V10.0), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT82 (CP150) (All versions < V10.0), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VU85 (CP300) (All versions < V10.0), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V10.0). Affected devices do not properly limit the bandwidth for incoming network packets over their local USB port. This could allow an attacker with physical access to send specially crafted packets with high bandwidth to the affected devices thus forcing them to exhaust their memory and stop responding to any network traffic via the local USB port. Affected devices reset themselves automatically after a successful attack. The protection function is not affected of this vulnerability. The SIPROTEC 5 Compact 7SX800 (CP050) provides a range of integrated protection, control, measurement, and automation functions for substations and other applications
Trust: 1.44
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | siemens | model: | siprotec compact 7sx800 | scope: | eq | version: | 5<v10.0 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-770 | Trust: 1.0 |
PATCH
| title: | Patch for Siemens SIPROTEC 5 Compact 7SX800 (CP050) Local USB Port Network Packet Bandwidth Limit Improper Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/723041 | Trust: 0.6 |
EXTERNAL IDS
| db: | SIEMENS | id: | SSA-894058 | Trust: 1.6 |
| db: | NVD | id: | CVE-2025-40570 | Trust: 1.0 |
| db: | CNVD | id: | CNVD-2025-19343 | Trust: 0.6 |
REFERENCES
| url: | https://cert-portal.siemens.com/productcert/html/ssa-894058.html | Trust: 1.6 |
SOURCES
| db: | CNVD | id: | CNVD-2025-19343 |
| db: | NVD | id: | CVE-2025-40570 |
LAST UPDATE DATE
2025-08-23T23:02:36.087000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2025-19343 | date: | 2025-08-22T00:00:00 |
| db: | NVD | id: | CVE-2025-40570 | date: | 2025-08-12T14:25:33.177 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2025-19343 | date: | 2025-08-12T00:00:00 |
| db: | NVD | id: | CVE-2025-40570 | date: | 2025-08-12T12:15:35.387 |