Siemens SIPROTEC 5 Using DIGSI5 Protocol
View CSAF Summary SIPROTEC 5 is vulnerable to arbitrary file uploads by authenticated users using the DIGSI 5 protocol. This could allow an attacker to upload malicious configuration files, potentially causing a permanent denial of service condition. As a mitigation measure, users of the CP050 and CP150 device models are advised to upgrade to version 9.90 or later. For CP300 device models, devices 7ST85 and 7ST86 are advised to upgrade to version 10.00 or later, while the remaining models should upgrade to version 9.90 or later. These versions introduce an allow-list feature that restricts arbitrary file uploads and reduces the risk associated with this vulnerability. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available. The following versions of Siemens SIPROTEC 5 Using DIGSI5 Protocol are affected: SIPROTEC 5 6MD84 (CP300) vers:all/* SIPROTEC 5 6MD85 (CP200) vers:all/* SIPROTEC 5 6MD85 (CP300) vers:all/* SIPROTEC 5 6MD86 (CP200) vers:all/* SIPROTEC 5 6MD86 (CP300) vers:all/* SIPROTEC 5 6MD89 (CP300) vers:all/* SIPROTEC 5 6MU85 (CP300) vers:all/* SIPROTEC 5 7KE85 (CP200) vers:all/* SIPROTEC 5 7KE85 (CP300) vers:all/* SIPROTEC 5 7SA82 (CP100) vers:all/* SIPROTEC 5 7SA82 (CP150) vers:all/* SIPROTEC 5 7SA86 (CP200) vers:all/* SIPROTEC 5 7SA86 (CP300) vers:all/* SIPROTEC 5 7SA87 (CP200) vers:all/* SIPROTEC 5 7SA87 (CP300) vers:all/* SIPROTEC 5 7SD82 (CP100) vers:all/* SIPROTEC 5 7SD82 (CP150) vers:all/* SIPROTEC 5 7SD86 (CP200) vers:all/* SIPROTEC 5 7SD86 (CP300) vers:all/* SIPROTEC 5 7SD87 (CP200) vers:all/* SIPROTEC 5 7SD87 (CP300) vers:all/* SIPROTEC 5 7SJ81 (CP100) vers:all/* SIPROTEC 5 7SJ81 (CP150) vers:all/* SIPROTEC 5 7SJ82 (CP100) vers:all/* SIPROTEC 5 7SJ82 (CP150) vers:all/* SIPROTEC 5 7SJ85 (CP200) vers:all/* SIPROTEC 5 7SJ85 (CP300) vers:all/* SIPROTEC 5 7SJ86 (CP200) vers:all/* SIPROTEC 5 7SJ86 (CP300) vers:all/* SIPROTEC 5 7SK82 (CP100) vers:all/* SIPROTEC 5 7SK82 (CP150) vers:al
CSIRTS triage
- What
- Vulnerability allows arbitrary file uploads by authenticated users, potentially causing denial of service.
- Who is affected
- Users of SIPROTEC 5 device models.
- Urgency
- Remediation is important to prevent potential denial of service conditions.
- Action
- Upgrade to the specified versions of SIPROTEC 5.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch SIPROTEC 5
Get an email when a new SIPROTEC 5 advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-26-174-02
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2025-408080.19% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 8% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2025-40808 | coverage & exploitation status | NVD · CVE.org |
More from CISA Cybersecurity Advisories
- highCISA Adds Two Known Exploited Vulnerabilities to Catalog2026-07-10
- criticalSchneider Electric PowerChute Serial Shutdown2026-07-09
- criticalOpenPLC v32026-07-09
- criticalSchneider Electric Easergy MiCOM Px40 Series2026-07-09
- highCISA Adds One Known Exploited Vulnerability to Catalog2026-07-07