Denial of service in SIPROTEC 4 and Siprotec Compact - CVE-2015-5374
Published: July 7, 2017 / Updated: June 17, 2021
Vulnerability identifier: #VU7379
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2015-5374
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: Siemens
Affected software:
SIPROTEC 4
Siprotec Compact
SIPROTEC 4
Siprotec Compact
Detailed vulnerability description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to an error in the EN100 module. A remote attacker can send specially crafted packets to UDP port 50000 and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
The weakness exists due to an error in the EN100 module. A remote attacker can send specially crafted packets to UDP port 50000 and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
How to mitigate CVE-2015-5374
Update SIPROTEC 4 to version 4.25.
Update SIPROTEC Compact to version 4.25.
Update SIPROTEC Compact to version 4.25.