CVE-2024-53648

Description

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.90), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.90), SIPROTEC 5 6MD89 (CP300) (All versions < V9.90), SIPROTEC 5 6MU85 (CP300) (All versions < V9.90), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.90), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.90), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.90), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.90), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.90), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.90), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.90), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.90), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.90), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.90), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions < V9.90), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.90), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.90), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.90), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.90), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.90), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions), SIPROTEC 5 7SX82 (CP150) (All versions < V9.90), SIPROTEC 5 7SX85 (CP300) (All versions < V9.90), SIPROTEC 5 7SY82 (CP150) (All versions < V9.90), SIPROTEC 5 7UM85 (CP300) (All versions < V9.90), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.90), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.90), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.90), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.90), SIPROTEC 5 7VE85 (CP300) (All versions < V9.90), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.90), SIPROTEC 5 7VU85 (CP300) (All versions < V9.90), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.90). Affected devices do not properly limit access to a development shell accessible over a physical interface. This could allow an unauthenticated attacker with physical access to the device to execute arbitrary commands on the device.

References

Link	Tags
https://cert-portal.siemens.com/productcert/html/ssa-687955.html

Frequently Asked Questions

What is the severity of CVE-2024-53648?: CVE-2024-53648 has been scored as a high severity vulnerability.
How to fix CVE-2024-53648?: To fix CVE-2024-53648, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-53648 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-53648 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-53648?: CVE-2024-53648 affects Siemens SIPROTEC 5 6MD84 (CP300), Siemens SIPROTEC 5 6MD85 (CP200), Siemens SIPROTEC 5 6MD85 (CP300), Siemens SIPROTEC 5 6MD86 (CP200), Siemens SIPROTEC 5 6MD86 (CP300), Siemens SIPROTEC 5 6MD89 (CP300), Siemens SIPROTEC 5 6MU85 (CP300), Siemens SIPROTEC 5 7KE85 (CP200), Siemens SIPROTEC 5 7KE85 (CP300), Siemens SIPROTEC 5 7SA82 (CP100), Siemens SIPROTEC 5 7SA82 (CP150), Siemens SIPROTEC 5 7SA86 (CP200), Siemens SIPROTEC 5 7SA86 (CP300), Siemens SIPROTEC 5 7SA87 (CP200), Siemens SIPROTEC 5 7SA87 (CP300), Siemens SIPROTEC 5 7SD82 (CP100), Siemens SIPROTEC 5 7SD82 (CP150), Siemens SIPROTEC 5 7SD86 (CP200), Siemens SIPROTEC 5 7SD86 (CP300), Siemens SIPROTEC 5 7SD87 (CP200), Siemens SIPROTEC 5 7SD87 (CP300), Siemens SIPROTEC 5 7SJ81 (CP100), Siemens SIPROTEC 5 7SJ81 (CP150), Siemens SIPROTEC 5 7SJ82 (CP100), Siemens SIPROTEC 5 7SJ82 (CP150), Siemens SIPROTEC 5 7SJ85 (CP200), Siemens SIPROTEC 5 7SJ85 (CP300), Siemens SIPROTEC 5 7SJ86 (CP200), Siemens SIPROTEC 5 7SJ86 (CP300), Siemens SIPROTEC 5 7SK82 (CP100), Siemens SIPROTEC 5 7SK82 (CP150), Siemens SIPROTEC 5 7SK85 (CP200), Siemens SIPROTEC 5 7SK85 (CP300), Siemens SIPROTEC 5 7SL82 (CP100), Siemens SIPROTEC 5 7SL82 (CP150), Siemens SIPROTEC 5 7SL86 (CP200), Siemens SIPROTEC 5 7SL86 (CP300), Siemens SIPROTEC 5 7SL87 (CP200), Siemens SIPROTEC 5 7SL87 (CP300), Siemens SIPROTEC 5 7SS85 (CP200), Siemens SIPROTEC 5 7SS85 (CP300), Siemens SIPROTEC 5 7ST85 (CP200), Siemens SIPROTEC 5 7ST85 (CP300), Siemens SIPROTEC 5 7ST86 (CP300), Siemens SIPROTEC 5 7SX82 (CP150), Siemens SIPROTEC 5 7SX85 (CP300), Siemens SIPROTEC 5 7SY82 (CP150), Siemens SIPROTEC 5 7UM85 (CP300), Siemens SIPROTEC 5 7UT82 (CP100), Siemens SIPROTEC 5 7UT82 (CP150), Siemens SIPROTEC 5 7UT85 (CP200), Siemens SIPROTEC 5 7UT85 (CP300), Siemens SIPROTEC 5 7UT86 (CP200), Siemens SIPROTEC 5 7UT86 (CP300), Siemens SIPROTEC 5 7UT87 (CP200), Siemens SIPROTEC 5 7UT87 (CP300), Siemens SIPROTEC 5 7VE85 (CP300), Siemens SIPROTEC 5 7VK87 (CP200), Siemens SIPROTEC 5 7VK87 (CP300), Siemens SIPROTEC 5 7VU85 (CP300), Siemens SIPROTEC 5 Compact 7SX800 (CP050).

Description

Category

CWE-489 – Active Debug Code

References

Frequently Asked Questions