Siemens SIPROTEC 5 Using DIGSI5 Protocol
Siemens SIPROTEC 5 vulnerable to arbitrary file uploads via DIGSI 5 protocol.
Summary
Siemens SIPROTEC 5 devices are vulnerable to arbitrary file uploads through the DIGSI 5 protocol, allowing authenticated attackers to upload malicious configuration files. This could lead to a denial of service or potentially code execution. Siemens has released updated versions with an allow-list feature to mitigate this risk and recommends specific countermeasures for devices where fixes are not yet available.
Full text
ICS Advisory Siemens SIPROTEC 5 Using DIGSI5 Protocol Release DateJune 23, 2026 Alert CodeICSA-26-174-02 Related topics: Industrial Control System Vulnerabilities , Industrial Control Systems View CSAF Summary SIPROTEC 5 is vulnerable to arbitrary file uploads by authenticated users using the DIGSI 5 protocol. This could allow an attacker to upload malicious configuration files, potentially causing a permanent denial of service condition. As a mitigation measure, users of the CP050 and CP150 device models are advised to upgrade to version 9.90 or later. For CP300 device models, devices 7ST85 and 7ST86 are advised to upgrade to version 10.00 or later, while the remaining models should upgrade to version 9.90 or later. These versions introduce an allow-list feature that restricts arbitrary file uploads and reduces the risk associated with this vulnerability. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available. The following versions of Siemens SIPROTEC 5 Using DIGSI5 Protocol are affected: SIPROTEC 5 6MD84 (CP300) vers:all/* SIPROTEC 5 6MD85 (CP200) vers:all/* SIPROTEC 5 6MD85 (CP300) vers:all/* SIPROTEC 5 6MD86 (CP200) vers:all/* SIPROTEC 5 6MD86 (CP300) vers:all/* SIPROTEC 5 6MD89 (CP300) vers:all/* SIPROTEC 5 6MU85 (CP300) vers:all/* SIPROTEC 5 7KE85 (CP200) vers:all/* SIPROTEC 5 7KE85 (CP300) vers:all/* SIPROTEC 5 7SA82 (CP100) vers:all/* SIPROTEC 5 7SA82 (CP150) vers:all/* SIPROTEC 5 7SA86 (CP200) vers:all/* SIPROTEC 5 7SA86 (CP300) vers:all/* SIPROTEC 5 7SA87 (CP200) vers:all/* SIPROTEC 5 7SA87 (CP300) vers:all/* SIPROTEC 5 7SD82 (CP100) vers:all/* SIPROTEC 5 7SD82 (CP150) vers:all/* SIPROTEC 5 7SD86 (CP200) vers:all/* SIPROTEC 5 7SD86 (CP300) vers:all/* SIPROTEC 5 7SD87 (CP200) vers:all/* SIPROTEC 5 7SD87 (CP300) vers:all/* SIPROTEC 5 7SJ81 (CP100) vers:all/* SIPROTEC 5 7SJ81 (CP150) vers:all/* SIPROTEC 5 7SJ82 (CP100) vers:all/* SIPROTEC 5 7SJ82 (CP150) vers:all/* SIPROTEC 5 7SJ85 (CP200) vers:all/* SIPROTEC 5 7SJ85 (CP300) vers:all/* SIPROTEC 5 7SJ86 (CP200) vers:all/* SIPROTEC 5 7SJ86 (CP300) vers:all/* SIPROTEC 5 7SK82 (CP100) vers:all/* SIPROTEC 5 7SK82 (CP150) vers:all/* SIPROTEC 5 7SK85 (CP200) vers:all/* SIPROTEC 5 7SK85 (CP300) vers:all/* SIPROTEC 5 7SL82 (CP100) vers:all/* SIPROTEC 5 7SL82 (CP150) vers:all/* SIPROTEC 5 7SL86 (CP200) vers:all/* SIPROTEC 5 7SL86 (CP300) vers:all/* SIPROTEC 5 7SL87 (CP200) vers:all/* SIPROTEC 5 7SL87 (CP300) vers:all/* SIPROTEC 5 7SS85 (CP200) vers:all/* SIPROTEC 5 7SS85 (CP300) vers:all/* SIPROTEC 5 7ST85 (CP200) vers:all/* SIPROTEC 5 7ST85 (CP300) vers:all/* SIPROTEC 5 7ST86 (CP300) vers:all/* SIPROTEC 5 7SX82 (CP150) vers:all/* SIPROTEC 5 7SX85 (CP300) vers:all/* SIPROTEC 5 7SY82 (CP150) vers:all/* SIPROTEC 5 7UM85 (CP300) vers:all/* SIPROTEC 5 7UT82 (CP100) vers:all/* SIPROTEC 5 7UT82 (CP150) vers:all/* SIPROTEC 5 7UT85 (CP200) vers:all/* SIPROTEC 5 7UT85 (CP300) vers:all/* SIPROTEC 5 7UT86 (CP200) vers:all/* SIPROTEC 5 7UT86 (CP300) vers:all/* SIPROTEC 5 7UT87 (CP200) vers:all/* SIPROTEC 5 7UT87 (CP300) vers:all/* SIPROTEC 5 7VE85 (CP300) vers:all/* SIPROTEC 5 7VK87 (CP200) vers:all/* SIPROTEC 5 7VK87 (CP300) vers:all/* SIPROTEC 5 7VU85 (CP300) vers:all/* SIPROTEC 5 Compact 7SX800 (CP050) vers:all/* CVSS Vendor Equipment Vulnerabilities v3 6.1 Siemens Siemens SIPROTEC 5 Using DIGSI5 Protocol Unrestricted Upload of File with Dangerous Type Background Critical Infrastructure Sectors: Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities Countries/Areas Deployed: Worldwide Company Headquarters Location: Germany Vulnerabilities Expand All + CVE-2025-40808 The affected application allows authenticated users to upload arbitrary files using DIGSI 5 protocol. This could allow an attacker to upload malicious configuration files, that could cause denial of service condition and potentially lead to code execution. View CVE Details Affected Products Siemens SIPROTEC 5 Using DIGSI5 Protocol Vendor:Siemens Product Version:SIPROTEC 5 6MD84 (CP300), SIPROTEC 5 6MD85 (CP200), SIPROTEC 5 6MD85 (CP300), SIPROTEC 5 6MD86 (CP200), SIPROTEC 5 6MD86 (CP300), SIPROTEC 5 6MD89 (CP300), SIPROTEC 5 6MU85 (CP300), SIPROTEC 5 7KE85 (CP200), SIPROTEC 5 7KE85 (CP300), SIPROTEC 5 7SA82 (CP100), SIPROTEC 5 7SA82 (CP150), SIPROTEC 5 7SA86 (CP200), SIPROTEC 5 7SA86 (CP300), SIPROTEC 5 7SA87 (CP200), SIPROTEC 5 7SA87 (CP300), SIPROTEC 5 7SD82 (CP100), SIPROTEC 5 7SD82 (CP150), SIPROTEC 5 7SD86 (CP200), SIPROTEC 5 7SD86 (CP300), SIPROTEC 5 7SD87 (CP200), SIPROTEC 5 7SD87 (CP300), SIPROTEC 5 7SJ81 (CP100), SIPROTEC 5 7SJ81 (CP150), SIPROTEC 5 7SJ82 (CP100), SIPROTEC 5 7SJ82 (CP150), SIPROTEC 5 7SJ85 (CP200), SIPROTEC 5 7SJ85 (CP300), SIPROTEC 5 7SJ86 (CP200), SIPROTEC 5 7SJ86 (CP300), SIPROTEC 5 7SK82 (CP100), SIPROTEC 5 7SK82 (CP150), SIPROTEC 5 7SK85 (CP200), SIPROTEC 5 7SK85 (CP300), SIPROTEC 5 7SL82 (CP100), SIPROTEC 5 7SL82 (CP150), SIPROTEC 5 7SL86 (CP200), SIPROTEC 5 7SL86 (CP300), SIPROTEC 5 7SL87 (CP200), SIPROTEC 5 7SL87 (CP300), SIPROTEC 5 7SS85 (CP200), SIPROTEC 5 7SS85 (CP300), SIPROTEC 5 7ST85 (CP200), SIPROTEC 5 7ST85 (CP300), SIPROTEC 5 7ST86 (CP300), SIPROTEC 5 7SX82 (CP150), SIPROTEC 5 7SX85 (CP300), SIPROTEC 5 7SY82 (CP150), SIPROTEC 5 7UM85 (CP300), SIPROTEC 5 7UT82 (CP100), SIPROTEC 5 7UT82 (CP150), SIPROTEC 5 7UT85 (CP200), SIPROTEC 5 7UT85 (CP300), SIPROTEC 5 7UT86 (CP200), SIPROTEC 5 7UT86 (CP300), SIPROTEC 5 7UT87 (CP200), SIPROTEC 5 7UT87 (CP300), SIPROTEC 5 7VE85 (CP300), SIPROTEC 5 7VK87 (CP200), SIPROTEC 5 7VK87 (CP300), SIPROTEC 5 7VU85 (CP300), SIPROTEC 5 Compact 7SX800 (CP050) Product Status:known_affected Remediations MitigationUsers are advised to upgrade to V9.90 or later, which introduces an allow-list feature that restricts arbitrary file uploads MitigationApply password protection to all DIGSI connections to ensure secure communication MitigationFor DIGSI access provision your own certificates signed by your customer PKI as described in https://support.industry.siemens.com/cs/document/109768375 MitigationFor the available devices [CP050, CP100, CP150 and CP300], activate role-based access control (RBAC) in the device (supported in SIPROTEC 5 firmware versions V7.80 and higher) MitigationUsers are advised to upgrade to V10.00 or later, which introduces an allow-list feature that restricts arbitrary file uploads No fix plannedCurrently no fix is planned None availableCurrently no fix is available Relevant CWE: CWE-434 Unrestricted Upload of File with Dangerous Type Metrics CVSS Version Base Score Base Severity Vector String 3.1 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H Acknowledgments Siemens ProductCERT reported this vulnerability to CISA. General Recommendations Operators of critical power systems (e.g. TSOs or DSOs) worldwide are usually required by regulations to build resilience into the power grids by applying multi-level redundant secondary protection schemes. It is therefore recommended that the operators check whether appropriate resilient protection measures are in place. The risk of cyber incidents impacting the grid's reliability can thus be minimized by virtue of the grid design. Siemens strongly recommends applying the provided security updates using the corresponding tooling and documented procedures made available with the product. If supported by the product, an automated means to apply the security updates across multiple product instances may be used. Siemens strongly recommends prior validation of any security update before being applied, and supervision by trained staff of the update process in the target environment. As a general security measure Siemens strongly recommends to protect network access with appropriate mechanisms (e.g. firewalls, segmentation, VPN). It is advised to configure the environment according to our operational guidelines in order to run the devices in a protected IT environment. R
Indicators of Compromise
- cve — CVE-2025-40808