CVE-2025-40570
BaseFortify

Publication date: 2025-08-12

Last updated on: 2025-08-12

Assigner: Siemens AG

Description
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V10.0), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SA82 (CP150) (All versions < V10.0), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SD82 (CP150) (All versions < V10.0), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SJ81 (CP150) (All versions < V10.0), SIPROTEC 5 7SJ82 (CP150) (All versions < V10.0), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SK82 (CP150) (All versions < V10.0), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SL82 (CP150) (All versions < V10.0), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7ST85 (CP300) (All versions < V10.0), SIPROTEC 5 7ST86 (CP300) (All versions < V10.0), SIPROTEC 5 7SX82 (CP150) (All versions < V10.0), SIPROTEC 5 7SX85 (CP300) (All versions < V10.0), SIPROTEC 5 7SY82 (CP150) (All versions < V10.0), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT82 (CP150) (All versions < V10.0), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V10.0), SIPROTEC 5 7VU85 (CP300) (All versions < V10.0), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V10.0).

Affected devices do not properly limit the bandwidth for incoming network packets over their local USB port. This could allow an attacker with physical access to send specially crafted packets with high bandwidth to the affected devices, thus forcing them to exhaust their memory and stop responding to any network traffic via the local USB port. Affected devices reset themselves automatically after a successful attack. The protection function is not affected by this vulnerability.

Meta Information
Published: 2025-08-12
Last Modified: 2025-08-12
Generated: 2026-05-27
AI Q&A: 2025-08-12
EPSS Evaluated: 2026-05-25

Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
siemens siprotec_5 7.80
siemens siprotec_5 10.0
siemens siprotec_5_compact 10.0
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability affects Siemens SIPROTEC 5 and SIPROTEC 5 Compact devices, which are used for protection, control, measurement, and automation in electrical substations. The affected devices do not properly limit the bandwidth of incoming network packets over their local USB port. An attacker with physical access can send specially crafted high-bandwidth packets to the device, causing it to exhaust its memory and become unresponsive to network traffic via the USB port. After the attack, the device automatically resets itself. The core protection functions of the devices are not affected by this vulnerability. [1]


How can this vulnerability impact me?

If exploited, this vulnerability can cause the affected device to exhaust its memory and stop responding to network traffic over the local USB port, leading to a temporary denial of service. The device will automatically reset after the attack, which may cause interruptions in the device's operation. However, the main protection functions of the device remain unaffected. This could impact the availability of the device's network communication via USB, potentially disrupting monitoring or control functions that rely on this interface. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

The vulnerability involves devices not properly limiting bandwidth for incoming packets over their local USB port, which requires physical access to exploit. Detection would involve monitoring for unusually high bandwidth or malformed packets on the USB interface of affected SIPROTEC 5 devices. However, no specific detection commands or tools are provided in the available resources. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include updating affected SIPROTEC 5 and SIPROTEC 5 Compact devices to version 10.0 or later, as Siemens has released updates to remediate this issue. Additionally, implement multi-level redundant secondary protection schemes, protect network access with firewalls, segmentation, and VPNs, and configure devices according to Siemens operational guidelines. Ensure updates are validated prior to deployment and supervised by trained personnel. [1]

