Full Report
Affected SIPROTEC 5 devices do not encrypt certain data within the on-board flash storage on their PCB. This could allow an attacker with physical access to read the sensitive information from the filesystem of the device. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.
Analysis Summary
# Vulnerability: Cleartext Storage of Sensitive Information in SIPROTEC 5
## CVE Details
- **CVE ID:** CVE-2024-53651
- **CVSS Score:** 4.6 (Medium, CVSS v3.1) / 5.1 (Medium, CVSS v4.0)
- **CWE:** CWE-312: Cleartext Storage of Sensitive Information
## Affected Systems
- **Products:** Siemens SIPROTEC 5 series devices, including:
  - CP050 Devices (Compact 7SX800)
  - CP100 Devices (7SA82, 7SD82, 7SJ81, 7SJ82, 7SK82, 7SL82, 7UT82)
  - CP150 Devices (7SA82, 7SD82)
- **Versions:** All versions currently released are affected.
- **Configurations:** Physical access to the device is required to exploit the vulnerability.
## Vulnerability Description
Affected SIPROTEC 5 devices do not encrypt certain data residing on the on-board flash storage of the printed circuit board (PCB). Because this data is stored in cleartext, an attacker with direct access to the internal hardware can interface with the flash storage and read the device's entire filesystem.
## Exploitation
- **Status:** Not reported as exploited in the wild; discovered by security researchers (SEC Consult Vulnerability Lab).
- **Complexity:** Low (once physical access is obtained).
- **Attack Vector:** Physical (requires hands-on access to the device hardware).
## Impact
- **Confidentiality:** High (Attacker can read the entire filesystem, potentially exposing sensitive configuration data and cryptographic keys).
- **Integrity:** None reported.
- **Availability:** None reported.
## Remediation
### Patches
- **Status:** No patches are currently available. Siemens is preparing fix versions for affected products.
### Workarounds
Until official firmware updates are released, Siemens recommends the following mitigations:
- **Physical Security:** Implement strict physical access controls to the devices and the cabinets in which they are installed to prevent unauthorized hardware tampering.
- **Monitoring:** Utilize existing physical security monitoring systems (e.g., enclosure alarms, CCTV) to detect unauthorized access to the hardware.
- **Defense-in-Depth:** Follow Siemens' general security guidelines for grid security, including network segmentation and the use of firewalls to limit the secondary impact of any data exfiltrated via physical access.
## Detection
- **Indicators of Compromise:** Physical signs of tampering on the device casing, broken security seals, or evidence of unauthorized connection to the internal PCB headers.
- **Detection methods and tools:** Regular physical audits of substation equipment and monitoring of cabinet door-contact sensors.
## References
- **Vendor Advisory:** hxxps://cert-portal[.]siemens[.]com/productcert/html/ssa-111547[.]html
- **Siemens Grid Security Guidelines:** hxxps://www[.]siemens[.]com/gridsecurity
- **Siemens ProductCERT:** hxxps://www[.]siemens[.]com/cert/advisories