CISA 2026-05-14

Siemens SIPROTEC 5

CVE-2024-54017

Machine-generated analysis · WAYSCloud LLM

Session identifier entropy issue in Siemens SIPROTEC 5 protection relays affects numerous hardware variants. The advisory notes that not all product endpoints use the vulnerable session mechanism.

Context

Siemens SIPROTEC 5 devices are protection relays used in electrical systems. The advisory states that insufficiently random session identifiers could allow unauthenticated remote attackers to hijack valid user sessions via brute-force attacks. Siemens indicates that fixes are in preparation for some products and recommends countermeasures where fixes are not yet available.

Operator considerations

Check: Inventory SIPROTEC 5 devices and their specific hardware/software versions against the listed affected models.
Isolate: Restrict network access to SIPROTEC 5 web interfaces to trusted networks only.
Patch: Apply Siemens-provided fixes or countermeasures when available.

From Cybersecurity and Infrastructure Security Agency ↗

The SIPROTEC 5 devices do not use sufficiently random numbers to generate session identifiers. This could facilitate a brute-force attack against a valid session identifier which could allow an unauthenticated remote attacker to hijack a valid user session. The affected session identifiers are only used in a subset of the endpoints that are provided by the affected products. Siemens is preparing fix versions and recommends countermeasures for products where fixes are not, or not yet available.

The following versions of Siemens SIPROTEC 5 are affected:

SIPROTEC 5 6MD84 (CP300) vers:intdot/=7.80|=7.80|=7.80|=7.80|=7.80|=7.80 (CVE-2024-54017)

SIPROTEC 5 7SA82 (CP150) vers:intdot/=7.80|=7.80|=7.80 (CVE-2024-54017)

SIPROTEC 5 7SD82 (CP150) vers:intdot/=7.80|=7.80|=7.80 (CVE-2024-54017)

SIPROTEC 5 7SJ81 (CP150) vers:i...

Read the full advisory on CISA →