CVE-2024-54015

{"id": "CVE-2024-54015", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-02-11T11:15:15.227", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-767615.html", "source": "productcert@siemens.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-1392"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MD89 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 6MU85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7KE85 (CP300) (All versions >= V8.80), SIPROTEC 5 7SA82 (CP150) (All versions < V9.90), SIPROTEC 5 7SA86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SA87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SD82 (CP150) (All versions < V9.90), SIPROTEC 5 7SD86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SD87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.90), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.90), SIPROTEC 5 7SJ85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SJ86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SK82 (CP150) (All versions < V9.90), SIPROTEC 5 7SK85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SL82 (CP150) (All versions < V9.90), SIPROTEC 5 7SL86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SL87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SS85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7ST85 (CP300) (All versions >= V8.80 < V9.68), SIPROTEC 5 7ST86 (CP300) (All versions), SIPROTEC 5 7SX82 (CP150) (All versions < V9.90), SIPROTEC 5 7SX85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7SY82 (CP150) (All versions < V9.90), SIPROTEC 5 7UM85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT82 (CP150) (All versions < V9.90), SIPROTEC 5 7UT85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT86 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7UT87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VE85 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VK87 (CP300) (All versions >= V8.80 < V9.90), SIPROTEC 5 7VU85 (CP300) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.2) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 2) (All versions < V9.90), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions >= V8.80 < V9.90), SIPROTEC 5 Compact 7SX800 (CP050) (All versions >= V9.50 < V9.90). Affected devices do not properly validate SNMP GET requests. This could allow an unauthenticated, remote attacker to retrieve sensitive information of the affected devices with SNMPv2 GET requests using default credentials."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SIPROTEC 5 6MD84 (CP300) (Todas las versiones &lt; V9.90), SIPROTEC 5 6MD85 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 6MD86 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 6MD89 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 6MU85 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7KE85 (CP300) (Todas las versiones &gt;= V8.80), SIPROTEC 5 7SA82 (CP150) (Todas las versiones &lt; V9.90), SIPROTEC 5 7SA86 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7SA87 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7SD82 (CP150) (Todas las versiones &lt; V9.90), SIPROTEC 5 7SD86 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7SD87 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7SJ81 (CP150) (Todas las versiones &lt; V9.90), SIPROTEC 5 7SJ82 (CP150) (Todas las versiones &lt; V9.90), SIPROTEC 5 7SJ85 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7SJ86 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7SK82 (CP150) (Todas las versiones &lt; V9.90), SIPROTEC 5 7SK85 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7SL82 (CP150) (Todas las versiones &lt; V9.90), SIPROTEC 5 7SL86 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7SL87 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7SS85 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7ST85 (CP300) (Todas las versiones &gt;= V8.80), SIPROTEC 5 7ST86 (CP300) (Todas las versiones), SIPROTEC 5 7SX82 (CP150) (Todas las versiones &lt; V9.90), SIPROTEC 5 7SX85 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7SY82 (CP150) (Todas las versiones &lt; V9.90), SIPROTEC 5 7UM85 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7UT82 (CP150) (Todas las versiones &lt; V9.90), SIPROTEC 5 7UT85 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7UT86 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7UT87 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7VE85 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7VK87 (CP300) (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 7VU85 (CP300) (Todas las versiones &lt; V9.90), SIPROTEC 5 M\u00f3dulo de comunicaci\u00f3n ETH-BA-2EL (Rev.2) (Todas las versiones &lt; V9.90), SIPROTEC 5 M\u00f3dulo de comunicaci\u00f3n ETH-BB-2FO (Rev. 2) (Todas las versiones &lt; V9.90), SIPROTEC 5 M\u00f3dulo de comunicaci\u00f3n ETH-BD-2FO (Todas las versiones &gt;= V8.80 &lt; V9.90), SIPROTEC 5 Compact 7SX800 (CP050) (Todas las versiones &gt;= V9.50 &lt; V9.90). Los dispositivos afectados no validan correctamente las solicitudes SNMP GET. Esto podr\u00eda permitir que un atacante remoto no autenticado recupere informaci\u00f3n confidencial de los dispositivos afectados con solicitudes SNMPv2 GET utilizando credenciales predeterminadas."}], "lastModified": "2025-04-08T09:15:22.550", "sourceIdentifier": "productcert@siemens.com"}