CVE-2025-40808 - Vulnerability Details

- Authenticated File Upload Allowing Arbitrary Files via DIGSI 5

Description

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MU85 (CP300) (All versions), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions), SIPROTEC 5 7SX82 (CP150) (All versions), SIPROTEC 5 7SX85 (CP300) (All versions), SIPROTEC 5 7SY82 (CP150) (All versions), SIPROTEC 5 7UM85 (CP300) (All versions), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions), SIPROTEC 5 7VE85 (CP300) (All versions), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions), SIPROTEC 5 7VU85 (CP300) (All versions), SIPROTEC 5 Compact 7SX800 (CP050) (All versions). The affected application allows authenticated users to upload arbitrary files using DIGSI 5 protocol. This could allow an attacker to upload malicious configuration files, that could cause denial of service condition and potentially lead to code execution.

Published: 2026-06-09

Score: 6.9 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Siemens

SIPROTEC 5 6MD84 (CP300)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 6MD85 (CP200)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 6MD85 (CP300)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 6MD86 (CP200)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 6MD86 (CP300)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 6MD89 (CP300)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 6MU85 (CP300)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7KE85 (CP200)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7KE85 (CP300)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SA82 (CP100)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SA82 (CP150)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SA86 (CP200)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SA86 (CP300)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SA87 (CP200)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SA87 (CP300)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SD82 (CP100)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SD82 (CP150)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SD86 (CP200)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SD86 (CP300)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SD87 (CP200)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SD87 (CP300)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SJ81 (CP100)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SJ81 (CP150)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SJ82 (CP100)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SJ82 (CP150)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SJ85 (CP200)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SJ85 (CP300)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SJ86 (CP200)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SJ86 (CP300)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SK82 (CP100)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SK82 (CP150)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SK85 (CP200)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SK85 (CP300)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SL82 (CP100)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SL82 (CP150)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SL86 (CP200)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SL86 (CP300)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SL87 (CP200)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SL87 (CP300)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SS85 (CP200)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SS85 (CP300)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7ST85 (CP200)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7ST85 (CP300)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7ST86 (CP300)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SX82 (CP150)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SX85 (CP300)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7SY82 (CP150)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7UM85 (CP300)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7UT82 (CP100)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7UT82 (CP150)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7UT85 (CP200)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7UT85 (CP300)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7UT86 (CP200)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7UT86 (CP300)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7UT87 (CP200)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7UT87 (CP300)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7VE85 (CP300)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7VK87 (CP200)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7VK87 (CP300)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 7VU85 (CP300)

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

SIPROTEC 5 Compact 7SX800 (CP050)

unknown

Version	Status	Constraints
`0`	affected	< *

No data.

Vendor Product Confidence Versions

Siemens

Siprotec 5 6md84

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 6md85

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 6md85

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 6md86

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 6md86

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 6md89

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 6mu85

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7ke85

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7ke85

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sa82

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sa82

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sa86

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sa86

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sa87

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sa87

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sd82

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sd82

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sd86

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sd86

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sd87

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sd87

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sj81

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sj81

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sj82

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sj82

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sj85

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sj85

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sj86

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sj86

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sk82

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sk82

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sk85

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sk85

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sl82

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sl82

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sl86

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sl86

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sl87

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sl87

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7ss85

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7ss85

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7st85

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7st85

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7st86

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sx82

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sx85

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7sy82

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7um85

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7ut82

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7ut82

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7ut85

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7ut85

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7ut86

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7ut86

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7ut87

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7ut87

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7ve85

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7vk87

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7vk87

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 7vu85

100%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Siemens

Siprotec 5 Compact 7sx800

90%

Version	Status	Scheme	Platform
`[0,*]`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00186.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://cert-portal.siemens.com/productcert/html/ssa-139483.html

History

Tue, 09 Jun 2026 20:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Siemens Siemens siprotec 5 6md84 Siemens siprotec 5 6md85 Siemens siprotec 5 6md86 Siemens siprotec 5 6md89 Siemens siprotec 5 6mu85 Siemens siprotec 5 7ke85 Siemens siprotec 5 7sa82 Siemens siprotec 5 7sa86 Siemens siprotec 5 7sa87 Siemens siprotec 5 7sd82 Siemens siprotec 5 7sd86 Siemens siprotec 5 7sd87 Siemens siprotec 5 7sj81 Siemens siprotec 5 7sj82 Siemens siprotec 5 7sj85 Siemens siprotec 5 7sj86 Siemens siprotec 5 7sk82 Siemens siprotec 5 7sk85 Siemens siprotec 5 7sl82 Siemens siprotec 5 7sl86 Siemens siprotec 5 7sl87 Siemens siprotec 5 7ss85 Siemens siprotec 5 7st85 Siemens siprotec 5 7st86 Siemens siprotec 5 7sx82 Siemens siprotec 5 7sx85 Siemens siprotec 5 7sy82 Siemens siprotec 5 7um85 Siemens siprotec 5 7ut82 Siemens siprotec 5 7ut85 Siemens siprotec 5 7ut86 Siemens siprotec 5 7ut87 Siemens siprotec 5 7ve85 Siemens siprotec 5 7vk87 Siemens siprotec 5 7vu85 Siemens siprotec 5 Compact 7sx800
Vendors & Products		Siemens Siemens siprotec 5 6md84 Siemens siprotec 5 6md85 Siemens siprotec 5 6md86 Siemens siprotec 5 6md89 Siemens siprotec 5 6mu85 Siemens siprotec 5 7ke85 Siemens siprotec 5 7sa82 Siemens siprotec 5 7sa86 Siemens siprotec 5 7sa87 Siemens siprotec 5 7sd82 Siemens siprotec 5 7sd86 Siemens siprotec 5 7sd87 Siemens siprotec 5 7sj81 Siemens siprotec 5 7sj82 Siemens siprotec 5 7sj85 Siemens siprotec 5 7sj86 Siemens siprotec 5 7sk82 Siemens siprotec 5 7sk85 Siemens siprotec 5 7sl82 Siemens siprotec 5 7sl86 Siemens siprotec 5 7sl87 Siemens siprotec 5 7ss85 Siemens siprotec 5 7st85 Siemens siprotec 5 7st86 Siemens siprotec 5 7sx82 Siemens siprotec 5 7sx85 Siemens siprotec 5 7sy82 Siemens siprotec 5 7um85 Siemens siprotec 5 7ut82 Siemens siprotec 5 7ut85 Siemens siprotec 5 7ut86 Siemens siprotec 5 7ut87 Siemens siprotec 5 7ve85 Siemens siprotec 5 7vk87 Siemens siprotec 5 7vu85 Siemens siprotec 5 Compact 7sx800

Tue, 09 Jun 2026 11:45:00 +0000

Type	Values Removed	Values Added
Title		Authenticated File Upload Allowing Arbitrary Files via DIGSI 5

Tue, 09 Jun 2026 10:15:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MU85 (CP300) (All versions), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions), SIPROTEC 5 7SX82 (CP150) (All versions), SIPROTEC 5 7SX85 (CP300) (All versions), SIPROTEC 5 7SY82 (CP150) (All versions), SIPROTEC 5 7UM85 (CP300) (All versions), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions), SIPROTEC 5 7VE85 (CP300) (All versions), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions), SIPROTEC 5 7VU85 (CP300) (All versions), SIPROTEC 5 Compact 7SX800 (CP050) (All versions). The affected application allows authenticated users to upload arbitrary files using DIGSI 5 protocol. This could allow an attacker to upload malicious configuration files, that could cause denial of service condition and potentially lead to code execution.
Weaknesses		CWE-434
References		https://cert-portal.siemens.com/productcert/html/ssa-139483.html
Metrics		cvssV3_1 `{'score': 6.1, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N'}`

Subscriptions

Siemens Siprotec 5 6md84 Siprotec 5 6md85 Siprotec 5 6md86 Siprotec 5 6md89 Siprotec 5 6mu85 Siprotec 5 7ke85 Siprotec 5 7sa82 Siprotec 5 7sa86 Siprotec 5 7sa87 Siprotec 5 7sd82 Siprotec 5 7sd86 Siprotec 5 7sd87 Siprotec 5 7sj81 Siprotec 5 7sj82 Siprotec 5 7sj85 Siprotec 5 7sj86 Siprotec 5 7sk82 Siprotec 5 7sk85 Siprotec 5 7sl82 Siprotec 5 7sl86 Siprotec 5 7sl87 Siprotec 5 7ss85 Siprotec 5 7st85 Siprotec 5 7st86 Siprotec 5 7sx82 Siprotec 5 7sx85 Siprotec 5 7sy82 Siprotec 5 7um85 Siprotec 5 7ut82 Siprotec 5 7ut85 Siprotec 5 7ut86 Siprotec 5 7ut87 Siprotec 5 7ve85 Siprotec 5 7vk87 Siprotec 5 7vu85 Siprotec 5 Compact 7sx800

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2026-06-09T08:46:49.158Z

Updated: 2026-06-09T14:22:32.677Z

Reserved: 2025-04-16T08:50:26.973Z

Link: CVE-2025-40808

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-06-09T10:16:35.807

Modified: 2026-06-09T13:49:39.993

Link: CVE-2025-40808

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T20:21:08Z

Weaknesses

CWE-434

Tracking

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object