CVE-2021-33719

moderate-risk
Published 2021-09-14

A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Specially crafted packets sent to port 4443/tcp could cause a Denial-of-Service condition or potential remote code execution.

Do I need to act?

-
0.56% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (3)

Siprotec 5 With Cpu Variant Cp050
Siprotec 5 With Cpu Variant Cp100
Siprotec 5 With Cpu Variant Cp300

Affected Vendors

Siemens

References (2)

Patch https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf
Patch https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf
43
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 2/34 · Minimal
Exposure 9/34 · Low