9Tem
CVE-2024-38867 | Siemens SIPROTEC 5 Compact 7SX800 CP050 Communication Module inadequate encryption (ssa-750499)
A vulnerability, which was classified as problematic, has been found in Siemens SIPROTEC 5 6MD84 CP300, SIPROTEC 5 6MD85 CP200, SIPROTEC 5 6MD85 CP300, SIPROTEC 5 6MD86 CP200, SIPROTEC 5 6MD86 CP300, SIPROTEC 5 6MD89 CP300, SIPROTEC 5 6MU85 CP300, SIPROTEC 5 7KE85 CP200, SIPROTEC 5 7KE85 CP300, SIPROTEC 5 7SA82 CP100, SIPROTEC 5 7SA82 CP150, SIPROTEC 5 7SA84 CP200, SIPROTEC 5 7SA86 CP200, SIPROTEC 5 7SA86 CP300, SIPROTEC 5 7SA87 CP200, SIPROTEC 5 7SA87 CP300, SIPROTEC 5 7SD82 CP100, SIPROTEC 5 7SD82 CP150, SIPROTEC 5 7SD84 CP200, SIPROTEC 5 7SD86 CP200, SIPROTEC 5 7SD86 CP300, SIPROTEC 5 7SD87 CP200, SIPROTEC 5 7SD87 CP300, SIPROTEC 5 7SJ81 CP100, SIPROTEC 5 7SJ81 CP150, SIPROTEC 5 7SJ82 CP100, SIPROTEC 5 7SJ82 CP150, SIPROTEC 5 7SJ85 CP200, SIPROTEC 5 7SJ85 CP300, SIPROTEC 5 7SJ86 CP200, SIPROTEC 5 7SJ86 CP300, SIPROTEC 5 7SK82 CP100, SIPROTEC 5 7SK82 CP150, SIPROTEC 5 7SK85 CP200, SIPROTEC 5 7SK85 CP300, SIPROTEC 5 7SL82 CP100, SIPROTEC 5 7SL82 CP150, SIPROTEC 5 7SL86 CP200, SIPROTEC 5 7SL86 CP300, SIPROTEC 5 7SL87 CP200, SIPROTEC 5 7SL87 CP300, SIPROTEC 5 7SS85 CP200, SIPROTEC 5 7SS85 CP300, SIPROTEC 5 7ST85 CP200, SIPROTEC 5 7ST85 CP300, SIPROTEC 5 7ST86 CP300, SIPROTEC 5 7SX82 CP150, SIPROTEC 5 7SX85 CP300, SIPROTEC 5 7UM85 CP300, SIPROTEC 5 7UT82 CP100, SIPROTEC 5 7UT82 CP150, SIPROTEC 5 7UT85 CP200, SIPROTEC 5 7UT85 CP300, SIPROTEC 5 7UT86 CP200, SIPROTEC 5 7UT86 CP300, SIPROTEC 5 7UT87 CP200, SIPROTEC 5 7UT87 CP300, SIPROTEC 5 7VE85 CP300, SIPROTEC 5 7VK87 CP200, SIPROTEC 5 7VK87 CP300, SIPROTEC 5 7VU85 CP300, SIPROTEC 5 Communication Module ETH-BA-2EL Rev.1, SIPROTEC 5 Communication Module ETH-BB-2FO Rev. 1, SIPROTEC 5 Communication Module ETH-BD-2FO and SIPROTEC 5 Compact 7SX800 CP050. This issue affects some unknown processing of the component Communication Module. The manipulation leads to inadequate encryption strength. The identification of this vulnerability is CVE-2024-38867. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.