CVE-2025-40570_CVE-2025-40570

2.4 / 10

LOW

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Description

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V10.0), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SA82 (CP150) (All versions < V10.0), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SD82 (CP150) (All versions < V10.0), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SJ81 (CP150) (All versions < V10.0), SIPROTEC 5 7SJ82 (CP150) (All versions < V10.0), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SK82 (CP150) (All versions < V10.0), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SL82 (CP150) (All versions < V10.0), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7ST85 (CP300) (All versions < V10.0), SIPROTEC 5 7ST86 (CP300) (All versions < V10.0), SIPROTEC 5 7SX82 (CP150) (All versions < V10.0), SIPROTEC 5 7SX85 (CP300) (All versions < V10.0), SIPROTEC 5 7SY82 (CP150) (All versions < V10.0), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT82 (CP150) (All versions < V10.0), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VU85 (CP300) (All versions < V10.0), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V10.0). Affected devices do not properly limit the bandwidth for incoming network packets over their local USB port. This could allow an attacker with physical access to send specially crafted packets with high bandwidth to the affected devices thus forcing them to exhaust their memory and stop responding to any network traffic via the local USB port. Affected devices reset themselves automatically after a successful attack. The protection function is not affected of this vulnerability.

Basic Information

ID CVE-2025-40570

Source siemens

Published Aug 12, 2025 at 11:17

Modified Aug 12, 2025 at 20:08

Affected Product

Vendor Siemens

Product SIPROTEC 5 6MD84 (CP300)

Affected Versions Siemens SIPROTEC 5 6MD84 (CP300) 0
Siemens SIPROTEC 5 6MD85 (CP300) V7.80
Siemens SIPROTEC 5 6MD86 (CP300) V7.80
Siemens SIPROTEC 5 6MD89 (CP300) V7.80
Siemens SIPROTEC 5 6MU85 (CP300) V7.80
Siemens SIPROTEC 5 7KE85 (CP300) V7.80
Siemens SIPROTEC 5 7SA82 (CP150) 0
Siemens SIPROTEC 5 7SA86 (CP300) V7.80
Siemens SIPROTEC 5 7SA87 (CP300) V7.80
Siemens SIPROTEC 5 7SD82 (CP150) 0
Siemens SIPROTEC 5 7SD86 (CP300) V7.80
Siemens SIPROTEC 5 7SD87 (CP300) V7.80
Siemens SIPROTEC 5 7SJ81 (CP150) 0
Siemens SIPROTEC 5 7SJ82 (CP150) 0
Siemens SIPROTEC 5 7SJ85 (CP300) V7.80
Siemens SIPROTEC 5 7SJ86 (CP300) V7.80
Siemens SIPROTEC 5 7SK82 (CP150) 0
Siemens SIPROTEC 5 7SK85 (CP300) V7.80
Siemens SIPROTEC 5 7SL82 (CP150) 0
Siemens SIPROTEC 5 7SL86 (CP300) V7.80
Siemens SIPROTEC 5 7SL87 (CP300) V7.80
Siemens SIPROTEC 5 7SS85 (CP300) V7.80
Siemens SIPROTEC 5 7ST85 (CP300) 0
Siemens SIPROTEC 5 7ST86 (CP300) 0
Siemens SIPROTEC 5 7SX82 (CP150) 0
Siemens SIPROTEC 5 7SX85 (CP300) 0
Siemens SIPROTEC 5 7SY82 (CP150) 0
Siemens SIPROTEC 5 7UM85 (CP300) V7.80
Siemens SIPROTEC 5 7UT82 (CP150) 0
Siemens SIPROTEC 5 7UT85 (CP300) V7.80
Siemens SIPROTEC 5 7UT86 (CP300) V7.80
Siemens SIPROTEC 5 7UT87 (CP300) V7.80
Siemens SIPROTEC 5 7VE85 (CP300) V7.80
Siemens SIPROTEC 5 7VK87 (CP300) V7.80
Siemens SIPROTEC 5 7VU85 (CP300) 0
Siemens SIPROTEC 5 Compact 7SX800 (CP050) 0

CWE Classification

CWE-770

References

cert-portal.siemens.com /productcert/html/ssa-894058.html

{
    "lastseen": "",
    "description": "A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V10.0), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SA82 (CP150) (All versions < V10.0), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SD82 (CP150) (All versions < V10.0), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SJ81 (CP150) (All versions < V10.0), SIPROTEC 5 7SJ82 (CP150) (All versions < V10.0), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SK82 (CP150) (All versions < V10.0), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SL82 (CP150) (All versions < V10.0), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7ST85 (CP300) (All versions < V10.0), SIPROTEC 5 7ST86 (CP300) (All versions < V10.0), SIPROTEC 5 7SX82 (CP150) (All versions < V10.0), SIPROTEC 5 7SX85 (CP300) (All versions < V10.0), SIPROTEC 5 7SY82 (CP150) (All versions < V10.0), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT82 (CP150) (All versions < V10.0), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VU85 (CP300) (All versions < V10.0), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V10.0). Affected devices do not properly limit the bandwidth for incoming network packets over their local USB port. This could allow an attacker with physical access to send specially crafted packets with high bandwidth to the affected devices thus forcing them to exhaust their memory and stop responding to any network traffic via the local USB port. Affected devices reset themselves automatically after a successful attack. The protection function is not affected of this vulnerability.",
    "published": "2025-08-12T11:17:01.195Z",
    "modified": "2025-08-12T20:08:15.284Z",
    "type": "cve",
    "title": "CVE-2025-40570",
    "source": "siemens",
    "references": "https://cert-portal.siemens.com/productcert/html/ssa-894058.html",
    "id": "CVE-2025-40570",
    "bulletinFamily": "",
    "cwe": [
        "CWE-770"
    ],
    "cvelist": null,
    "sourceData": "Siemens SIPROTEC 5 6MD84 (CP300) 0\nSiemens SIPROTEC 5 6MD85 (CP300) V7.80\nSiemens SIPROTEC 5 6MD86 (CP300) V7.80\nSiemens SIPROTEC 5 6MD89 (CP300) V7.80\nSiemens SIPROTEC 5 6MU85 (CP300) V7.80\nSiemens SIPROTEC 5 7KE85 (CP300) V7.80\nSiemens SIPROTEC 5 7SA82 (CP150) 0\nSiemens SIPROTEC 5 7SA86 (CP300) V7.80\nSiemens SIPROTEC 5 7SA87 (CP300) V7.80\nSiemens SIPROTEC 5 7SD82 (CP150) 0\nSiemens SIPROTEC 5 7SD86 (CP300) V7.80\nSiemens SIPROTEC 5 7SD87 (CP300) V7.80\nSiemens SIPROTEC 5 7SJ81 (CP150) 0\nSiemens SIPROTEC 5 7SJ82 (CP150) 0\nSiemens SIPROTEC 5 7SJ85 (CP300) V7.80\nSiemens SIPROTEC 5 7SJ86 (CP300) V7.80\nSiemens SIPROTEC 5 7SK82 (CP150) 0\nSiemens SIPROTEC 5 7SK85 (CP300) V7.80\nSiemens SIPROTEC 5 7SL82 (CP150) 0\nSiemens SIPROTEC 5 7SL86 (CP300) V7.80\nSiemens SIPROTEC 5 7SL87 (CP300) V7.80\nSiemens SIPROTEC 5 7SS85 (CP300) V7.80\nSiemens SIPROTEC 5 7ST85 (CP300) 0\nSiemens SIPROTEC 5 7ST86 (CP300) 0\nSiemens SIPROTEC 5 7SX82 (CP150) 0\nSiemens SIPROTEC 5 7SX85 (CP300) 0\nSiemens SIPROTEC 5 7SY82 (CP150) 0\nSiemens SIPROTEC 5 7UM85 (CP300) V7.80\nSiemens SIPROTEC 5 7UT82 (CP150) 0\nSiemens SIPROTEC 5 7UT85 (CP300) V7.80\nSiemens SIPROTEC 5 7UT86 (CP300) V7.80\nSiemens SIPROTEC 5 7UT87 (CP300) V7.80\nSiemens SIPROTEC 5 7VE85 (CP300) V7.80\nSiemens SIPROTEC 5 7VK87 (CP300) V7.80\nSiemens SIPROTEC 5 7VU85 (CP300) 0\nSiemens SIPROTEC 5 Compact 7SX800 (CP050) 0",
    "sourceHref": "",
    "cvss": {
        "score": 2.4,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SIPROTEC 5 6MD84 (CP300)",
    "version": "0",
    "vendor": "Siemens",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}