Full Report
SIPROTEC 4 and SIPROTEC 4 Compact devices contain a vulnerability that could allow an unauthenticated remote attacker to cause a denial of service condition. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet, available.
Analysis Summary
# Vulnerability: Denial of Service in SIPROTEC 4 and SIPROTEC 4 Compact via Faulty File Transfer Handling
## CVE Details
- CVE ID: CVE-2024-52504
- CVSS Score: 7.5 (CVSS v3.1) / 8.7 (CVSS v4.0) (High)
- CWE: CWE-754: Improper Check for Unusual or Exceptional Conditions
## Affected Systems
- Products: SIPROTEC 4 and SIPROTEC 4 Compact devices, including models: 6MD61, 6MD63, 6MD66, 6MD665, 7SA6, 7SA522, 7SD5, 7SD610, 7SJ61, 7SJ62, 7SJ63, 7SJ64, 7SJ66, 7SS52, 7ST6, 7UM61, 7UM62, 7UT63.
- Versions:
  - For 7SA6, 7SD5 and 7SD610: All versions prior to V4.78.
  - For all other listed products: All versions are affected.
- Configurations: No specific conditions are stated beyond product model and version.
## Vulnerability Description
The vulnerability resides in how the affected devices handle interrupted operations during file transfer. This improper handling allows an unauthenticated remote attacker to trigger a Denial of Service (DoS) condition. After exploitation, a device restart is required to restore normal operation.
## Exploitation
- Status: Not explicitly stated as exploited in the wild, but it is remotely exploitable.
- Complexity: Low (CVSS 3.1 Vector Component: AC:L, PR:N, UI:N)
- Attack Vector: Network (AV:N)
## Impact
- Confidentiality: No Impact (C:N)
- Integrity: No Impact (I:N)
- Availability: High Impact (A:H) - Results in a Denial of Service condition requiring a restart.
## Remediation
### Patches
- **SIPROTEC 4 7SA6:** Update to V4.78 or later version.
- **SIPROTEC 4 7SD5:** Update to V4.78 or later version.
- **SIPROTEC 4 7SD610:** Update to V4.78 or later version.
- **Other Affected Products:** Siemens has released new versions for *several* affected products, and updating to the latest version is recommended where available. Specific fix versions for many models were not listed in the summary, but Siemens is preparing further fix versions.
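The version rules above can be applied to an asset inventory with a short script. This is an added example, not Siemens tooling: the inventory rows are constructed, the status labels are hypothetical, and it assumes each inventory designation begins with the product code as listed on this page.

```python
import re

# Fix versions and model list as given on this page (summary of SSA-400089).
FIXED_IN = {"7SA6": (4, 78), "7SD5": (4, 78), "7SD610": (4, 78)}
NO_FIX_LISTED = ("6MD61 6MD63 6MD66 6MD665 7SA522 7SJ61 7SJ62 7SJ63 7SJ64 "
                 "7SJ66 7SS52 7ST6 7UM61 7UM62 7UT63").split()
# Longest codes first so that 6MD665 is never reported as 6MD66.
ALL_MODELS = sorted(list(FIXED_IN) + NO_FIX_LISTED, key=len, reverse=True)


def match_model(designation):
    """Return the listed product code that prefixes the designation, or None."""
    name = designation.strip().upper()
    return next((m for m in ALL_MODELS if name.startswith(m)), None)


def parse_version(text):
    """'V4.78' or 'v04.78.01' -> (4, 78); None when no version is readable."""
    found = re.search(r"(\d+)\.(\d+)", text or "")
    return (int(found.group(1)), int(found.group(2))) if found else None


def triage(designation, firmware):
    """Classify one device; the status labels are hypothetical."""
    model = match_model(designation)
    if model is None:
        return "not_listed"
    if model not in FIXED_IN:
        # All versions affected and no fix version listed on this page.
        return "affected_no_fix_listed"
    version = parse_version(firmware)
    if version is None:
        return "verify_version"  # unknown firmware: do not assume patched
    return "fixed" if version >= FIXED_IN[model] else "update_to_V4.78"


# Constructed sample inventory rows: (asset tag, designation, firmware).
INVENTORY = [
    ("bay-01", "7SA6", "V4.77"),
    ("bay-02", "7SD610", "V4.78"),
    ("bay-03", "6MD665", "V4.90"),
    ("bay-04", "7SJ80", "V4.7"),
]


def report(rows):
    return {tag: triage(designation, fw) for tag, designation, fw in rows}


if __name__ == "__main__":
    for tag, status in report(INVENTORY).items():
        print(f"{tag}: {status}")
```

Devices reported as `affected_no_fix_listed` or `verify_version` are the ones to check against the vendor advisory and cover with the workarounds below.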
### Workarounds
- Apply countermeasures recommended by Siemens for products where fixes are not yet available.
- Apply security updates using corresponding tooling and documented procedures.
- Prioritize validation of any security update before applying.
- **Network Protection:** Protect network access using appropriate mechanisms (e.g., firewalls, segmentation, VPN).
- **Operational Guidelines:** Configure the environment according to Siemens operational guidelines to run devices in a protected IT environment. (Reference: [https://www.siemens.com/gridsecurity](https://www.siemens.com/gridsecurity))
## Detection
- Detection relies heavily on monitoring network traffic for anomalies in file transfer operations that could indicate exploitation attempts.
- While specific IOCs are not provided, repeated spontaneous reboots or service unavailability on affected SIPROTEC 4 devices should be investigated against recent network activity.
## References
- Vendor Advisory: SSA-400089 (Published: 2025-08-12)
- Siemens ProductCERT Advisories Link: [https://www.siemens.com/cert/advisories](https://www.siemens.com/cert/advisories)