IM
IronMonkey Threat Research
‹ Back to ICS Advisories

SSA-139483: File Upload Vulnerability in SIPROTEC 5 Using DIGSI5 Protocol

MEDIUM
CVSS 6.1
Date 2026-06-09T00:00:00+00:00
Source siemens-productcert
Published by Siemens ProductCERT

// Description

SIPROTEC 5 is vulnerable to arbitrary file uploads by authenticated users using the DIGSI 5 protocol. This could allow an attacker to upload malicious configuration files, potentially causing a permanent denial of service condition. As a mitigation measure, users of the CP050 and CP150 device models are advised to upgrade to version 9.90 or later. For CP300 device models, devices 7ST85 and 7ST86 are advised to upgrade to version 10.00 or later, while the remaining models should upgrade to version 9.90 or later. These versions introduce an allow-list feature that restricts arbitrary file uploads and reduces the risk associated with this vulnerability. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet available.

// Vulnerabilities (1)

CVE ID CVSS Score Severity Description
CVE-2025-40808 6.1 medium
CVE-2025-40808. The affected application allows authenticated users to upload arbitrary files using DIGSI 5 protocol. This could allow an attacker to upload malicious configuration files, that could cause denial of service condition and potentially lead to code execution.

// Remediations (5)

Mitigation: <br> Users are advised to upgrade to V9.90 or later, which introduces an allow-list feature that res
<br> Users are advised to upgrade to V9.90 or later, which introduces an allow-list feature that restricts arbitrary file uploads
Mitigation: For the available devices [CP050, CP100, CP150 and CP300] , activate role based access control (RBAC
For the available devices [CP050, CP100, CP150 and CP300] , activate role based access control (RBAC) in the device (supported in SIPROTEC 5 firmware versions V7.80 and higher)
Mitigation: For DIGSI access provision your own certificates signed by your customer PKI as described in https:/
For DIGSI access provision your own certificates signed by your customer PKI as described in https://support.industry.siemens.com/cs/document/109768375
Mitigation: Users are advised to upgrade to V10.00 or later, which introduces an allow-list feature that restric
Users are advised to upgrade to V10.00 or later, which introduces an allow-list feature that restricts arbitrary file uploads
Mitigation: Apply password protection to all DIGSI connections to ensure secure communication
Apply password protection to all DIGSI connections to ensure secure communication

// References