CVE-2025-40808
Received - Intake
Buffer Overflow in SIPROTEC 5 via DIGSI 5 Protocol

Publication date: 2026-06-09

Last updated on: 2026-06-09

Assigner: Siemens AG

Description
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MU85 (CP300) (All versions), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions), SIPROTEC 5 7SX82 (CP150) (All versions), SIPROTEC 5 7SX85 (CP300) (All versions), SIPROTEC 5 7SY82 (CP150) (All versions), SIPROTEC 5 7UM85 (CP300) (All versions), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions), SIPROTEC 5 7VE85 (CP300) (All versions), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions), SIPROTEC 5 7VU85 (CP300) (All versions), SIPROTEC 5 Compact 7SX800 (CP050) (All versions). The affected application allows authenticated users to upload arbitrary files using DIGSI 5 protocol. This could allow an attacker to upload malicious configuration files, that could cause denial of service condition and potentially lead to code execution.
Meta Information
Published: 2026-06-09
Last Modified: 2026-06-09
Generated: 2026-06-09
AI Q&A: 2026-06-09
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 39 associated CPEs
Vendor Product Version / Range
siemens siprotec_5_6md84 *
siemens siprotec_5_6md85 *
siemens siprotec_5_6md86 *
siemens siprotec_5_6md89 *
siemens siprotec_5_6mu85 *
siemens siprotec_5_7ke85 *
siemens siprotec_5_7sa82 *
siemens siprotec_5_7sa86 *
siemens siprotec_5_7sa87 *
siemens siprotec_5_7sd82 *
siemens siprotec_5_7sd86 *
siemens siprotec_5_7sd87 *
siemens siprotec_5_7sj81 *
siemens siprotec_5_7sj82 *
siemens siprotec_5_7sj85 *
siemens siprotec_5_7sj86 *
siemens siprotec_5_7sk82 *
siemens siprotec_5_7sk85 *
siemens siprotec_5_7sl82 *
siemens siprotec_5_7sl86 *
siemens siprotec_5_7ss85 *
siemens siprotec_5_7st85 *
siemens siprotec_5_7st86 *
siemens siprotec_5_7sx82 *
siemens siprotec_5_7sx85 *
siemens siprotec_5_7sy82 *
siemens siprotec_5_7um85 *
siemens siprotec_5_7ut82 *
siemens siprotec_5_7ut85 *
siemens siprotec_5_7ut86 *
siemens siprotec_5_7ut87 *
siemens siprotec_5_7ve85 *
siemens siprotec_5_7vk87 *
siemens siprotec_5_7vu85 *
siemens siprotec_5_compact_7sx800 *
siemens siprotec_5 From 9.90 (inc)
siemens siprotec_5 From 10.00 (inc)
siemens siprotec_5 *
siemens siprotec *
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Executive Summary

This vulnerability affects multiple SIPROTEC 5 devices from Siemens that use the DIGSI 5 protocol. Authenticated users can exploit this flaw to upload arbitrary files, including malicious configuration files, to the affected devices.

Uploading such files can cause a denial of service condition and may potentially allow an attacker to execute arbitrary code on the device.

Impact Analysis

If exploited, this vulnerability can lead to a permanent denial of service on affected SIPROTEC 5 devices, disrupting their normal operation.

Additionally, the attacker might gain the ability to execute arbitrary code, which could compromise the device's integrity and potentially affect the broader system or network it is part of.

This could result in operational downtime, loss of control, or other security incidents depending on the device's role.

Mitigation Strategies

To mitigate the vulnerability in SIPROTEC 5 devices, upgrade the firmware to versions that introduce an allow-list feature to restrict file uploads.

  • For CP050 and CP150 devices, upgrade to firmware version 9.90 or later.
  • For CP300 devices 7ST85 and 7ST86, upgrade to firmware version 10.00 or later.
  • For other CP300 models, upgrade to firmware version 9.90 or later.

If no firmware fix is available for your device model, apply additional mitigations such as enabling role-based access control (RBAC) and password protection for DIGSI connections.

Follow general security guidelines and product-specific remediations as recommended by Siemens.
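
The firmware thresholds above can be applied to an asset inventory with a short script. This is an added example, not Siemens tooling or part of the original page; the CSV layout, host names and firmware strings are constructed, and versions are assumed to be written as `major.minor`. CP modules not named in the upgrade list are routed to the compensating controls.

```python
import csv
import io

# Minimum fixed firmware per the mitigation list above: (CP module, model) -> version.
# A model of None is the default for that CP module.
FIXED = {
    ("CP050", None): (9, 90),
    ("CP150", None): (9, 90),
    ("CP300", "7ST85"): (10, 0),
    ("CP300", "7ST86"): (10, 0),
    ("CP300", None): (9, 90),
}

def parse_version(text):
    """'V9.90' or '10.00' -> (9, 90) / (10, 0), so versions compare numerically.
    A plain string comparison would wrongly rank '10.00' below '9.90'."""
    major, minor = text.strip().lstrip("Vv").split(".")[:2]
    return int(major), int(minor)

def triage(model, module, firmware):
    """Return 'ok', 'upgrade to X.YY' or 'compensate' for one device."""
    model, module = model.upper(), module.upper()
    fixed = FIXED.get((module, model), FIXED.get((module, None)))
    if fixed is None:
        # CP module not named in the upgrade list: RBAC + DIGSI connection password.
        return "compensate"
    if parse_version(firmware) >= fixed:
        return "ok"  # at or above the release that introduces the allow-list
    return "upgrade to %d.%02d" % fixed

# Constructed inventory (hypothetical hosts and firmware versions).
INVENTORY = """host,model,module,firmware
relay-01,7SJ82,CP150,9.83
relay-02,7ST85,CP300,9.90
relay-03,7UT86,CP300,10.00
relay-04,7SA86,CP200,9.90
relay-05,7SX800,CP050,V9.90
"""

def triage_inventory(text):
    """Map each host in the CSV text to its triage result."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["host"]: triage(r["model"], r["module"], r["firmware"]) for r in rows}

if __name__ == "__main__":
    for host, action in triage_inventory(INVENTORY).items():
        print(host, action)
```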
