Full Report
Affected SIPROTEC 5 devices contain a development shell that is accessible via a physical interface which is not properly restricted. This could allow an unauthenticated attacker with physical access to an affected device to execute arbitrary commands on the device. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet, available.
Analysis Summary
# Vulnerability: Accessible Development Shell via Physical Interface in SIPROTEC 5
## CVE Details
- **CVE ID:** CVE-2024-53648
- **CVSS Score:** 6.8 (Medium) under CVSS v3.1; 7.0 (High) under CVSS v4.0
- **CWE:** CWE-489: Active Debug Code
## Affected Systems
- **Products:** Siemens SIPROTEC 5 and SIPROTEC 5 Compact devices.
- **Versions:**
  - **CP100 Devices (7SA82, 7SD82, 7SJ81, 7SJ82, 7SK82, 7SL82, 7UT82):** All versions < V8.90.
  - **CP150 Devices (7SA82):** All versions < V9.90.
  - **CP300 Devices (7KE85, 7ST85, 7ST86):** Versions fixed as of V1.1/V1.2 update.
- **Configurations:** Devices featuring the development shell accessible via a physical interface.
## Vulnerability Description
Affected devices contain an active development shell intended for debugging or manufacturing that was not properly restricted or deactivated in production. Because the interface lacks authentication requirements, an attacker can interact directly with the device's operating system.
## Exploitation
- **Status:** Not exploited (No reports of exploitation in the wild at this time).
- **Complexity:** Low (Requires no specialized exploitation tools beyond interface access).
- **Attack Vector:** Physical (Attacker must have direct physical access to the device's hardware interfaces).
## Impact
- **Confidentiality:** High (Access to device data/configurations).
- **Integrity:** High (Ability to execute arbitrary commands and modify logic).
- **Availability:** High (Potential to crash the device or disrupt protection functions).
## Remediation
### Patches
Siemens recommends updating to the following versions or later:
- **CP100 Series:** Update to V8.90.
- **CP150 Series:** Update to V9.90.
- **CP300 Series:** Refer to Siemens support links for the latest applicable firmware (V1.1/V1.2 update).
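The version thresholds above (CP100 below V8.90, CP150 below V9.90, CP300 fixed only through the per-product V1.1/V1.2 update) are easy to misapply across a fleet when versions are compared as strings. The following inventory check is an added example, not code from the advisory or from Siemens: it parses SIPROTEC-style version strings numerically, maps each inventory record to the platform and model lists stated in this advisory, and classifies every device as affected, fixed, needing a vendor check (CP300), or out of scope. The `Device` record layout, the asset names and the sample inventory are constructed for illustration.

```python
"""Fleet check for CVE-2024-53648 (SIPROTEC 5 development shell).

Added example: applies the affected-version thresholds from the advisory
to an asset inventory. The inventory record format is an assumption.
"""
import re
from dataclasses import dataclass

# Fixed versions stated in the advisory. A device is affected when its
# firmware is strictly below the fixed version for its platform.
FIXED_VERSIONS = {
    "CP100": (8, 90),
    "CP150": (9, 90),
}

# Device types the advisory lists under each platform. 7SA82 appears under
# both CP100 and CP150, so the inventory must carry the platform explicitly.
PLATFORM_MODELS = {
    "CP100": {"7SA82", "7SD82", "7SJ81", "7SJ82", "7SK82", "7SL82", "7UT82"},
    "CP150": {"7SA82"},
    "CP300": {"7KE85", "7ST85", "7ST86"},
}

# Accepts 'V8.90', '8.90' or 'V8.90.01'; only major.minor is compared.
_VERSION_RE = re.compile(r"^V?(\d+)\.(\d+)(?:\.\d+)?$")


def parse_version(text: str) -> tuple[int, int]:
    """Parse a SIPROTEC 5 style version string into a comparable tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(m.group(1)), int(m.group(2))


@dataclass(frozen=True)
class Device:
    name: str      # constructed asset tag
    platform: str  # CP100, CP150 or CP300
    model: str     # e.g. 7SJ82
    version: str   # e.g. V8.80


def assess(device: Device) -> tuple[str, str]:
    """Classify one device; returns (status, reason)."""
    models = PLATFORM_MODELS.get(device.platform)
    if models is None or device.model not in models:
        return "not_listed", "platform/model pair is not in the advisory scope"
    fixed = FIXED_VERSIONS.get(device.platform)
    if fixed is None:
        # CP300: the advisory gives no single threshold, only per-product
        # V1.1/V1.2 updates, so defer to the Siemens support links.
        return "check_vendor", "CP300: verify fix status against vendor support links"
    current = parse_version(device.version)
    if current < fixed:
        return "affected", f"{device.version} is below fixed V{fixed[0]}.{fixed[1]}"
    return "fixed", f"{device.version} is at or above fixed V{fixed[0]}.{fixed[1]}"


def assess_inventory(devices: list[Device]) -> dict[str, tuple[str, str]]:
    """Assess every device in the inventory, keyed by asset name."""
    return {d.name: assess(d) for d in devices}


# Constructed sample inventory for demonstration.
SAMPLE_INVENTORY = [
    Device("feeder-01", "CP100", "7SJ82", "V8.80"),
    Device("feeder-02", "CP100", "7SJ82", "V8.90"),
    Device("line-01", "CP150", "7SA82", "V9.80"),
    Device("pq-01", "CP300", "7KE85", "V1.0"),
    Device("misc-01", "CP100", "7KE85", "V8.00"),
]

if __name__ == "__main__":
    for name, (status, reason) in assess_inventory(SAMPLE_INVENTORY).items():
        print(f"{name:10} {status:13} {reason}")
```

Devices reported as `affected` are candidates for the updates listed above; `check_vendor` entries need a manual comparison against the CP300 support links because the advisory states no single version threshold for that platform.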
### Workarounds
- **Physical Security:** Strictly limit access to the device to authorized personnel only. Ensure the device is installed in a locked cabinet or restricted room.
- **Generic Security:** Protect network access via firewalls and segmentation to prevent lateral movement if the physical layer is breached.
## Detection
- **Indicators of Compromise:** Unusual activity on physical serial/debug ports or unexpected configuration changes.
- **Detection methods and tools:** Physical inspection of device seals for signs of tampering; monitoring for unauthorized command execution where logging of shell activity is enabled.
## References
- **Vendor Advisory:** hxxps://cert-portal[.]siemens[.]com/productcert/html/ssa-687955[.]html
- **Support Links:**
  - hxxps://support[.]industry[.]siemens[.]com/cs/ww/en/view/109757433/
  - hxxps://support[.]industry[.]siemens[.]com/cs/ww/en/view/109751934/
  - hxxps://www[.]siemens[.]com/gridsecurity