PatchSiren

CVE-2024-53651 Siemens CVE debrief

CVE-2024-53651 affects Siemens SIPROTEC 5 devices. Certain data in on-board flash storage are not encrypted, so an attacker with physical access could potentially read the device’s entire filesystem. CISA published the advisory on 2025-02-11 and lists mitigations such as limiting physical access and using customer PKI certificates; for many affected variants, no fix is currently available.

Vendor: Siemens
Product: SIPROTEC 5 6MD84 (CP300)
CVSS: MEDIUM 4.6
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-02-11
Original CVE updated: 2025-02-11
Advisory published: 2025-02-11
Advisory updated: 2025-02-11

Who should care

OT/ICS operators, substation and utility teams, and asset owners running affected Siemens SIPROTEC 5 relays—especially where devices are physically accessible or handled by third parties.

Technical summary

This is a confidentiality weakness in Siemens SIPROTEC 5 variants covered by CISA ICSA-25-044-03. The advisory states that affected devices do not encrypt certain data within on-board flash storage on the PCB, which could allow a physically present attacker to read the full filesystem. The supplied CVSS vector is CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, indicating physical access is required and the primary impact is high confidentiality loss.

Defensive priority

Medium. Prioritize devices that are physically reachable, deployed in unattended locations, or handled by contractors/maintenance staff.

Recommended defensive actions

  • Inventory Siemens SIPROTEC 5 deployments against the affected product list in the advisory and verify firmware/model coverage.
  • Restrict physical access to affected devices to trusted personnel and tighten cabinet, room, and maintenance controls.
  • Review Siemens guidance on provisioning customer PKI certificates where applicable.
  • Track which products have 'no fix available' versus 'no fix planned' status and plan compensating controls accordingly.
  • Treat the issue as a data-exposure risk and reduce on-device storage of sensitive artifacts where operationally possible.

Evidence notes

The source corpus states that affected devices do not encrypt certain data within on-board flash storage on the PCB, and that an attacker with physical access could read the entire filesystem. CISA’s CSAF advisory ICSA-25-044-03 and Siemens advisory SSA-111547 identify 61 affected SIPROTEC 5 product variants. The remediation entries split between 'currently no fix is available' and 'currently no fix is planned' for different subsets, with mitigations focused on limiting physical access and provisioning customer-signed certificates.
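
The inventory and fix-status tracking steps above can be run against the advisory's CSAF 2.0 JSON. The following is an added example, not code from CISA, Siemens or this page: it groups a site's assets by the remediation category recorded for CVE-2024-53651. The embedded advisory fragment, product names, product IDs and asset tags are constructed placeholders, and `product_names`, `fix_status` and `triage` are hypothetical helper names.

```python
# Constructed, trimmed CSAF 2.0 fragment. Product names, IDs and their statuses are
# placeholders, not data from ICSA-25-044-03; load the real file with json.load().
SAMPLE_CSAF = {
    "product_tree": {"branches": [{"category": "vendor", "name": "Siemens", "branches": [
        {"category": "product_name", "name": "Example variant A",
         "product": {"product_id": "CSAFPID-0001", "name": "Example variant A"}},
        {"category": "product_name", "name": "Example variant B",
         "product": {"product_id": "CSAFPID-0002", "name": "Example variant B"}},
    ]}]},
    "vulnerabilities": [{"cve": "CVE-2024-53651", "remediations": [
        {"category": "mitigation", "product_ids": ["CSAFPID-0001", "CSAFPID-0002"]},
        {"category": "none_available", "product_ids": ["CSAFPID-0001"]},
        {"category": "no_fix_planned", "product_ids": ["CSAFPID-0002"]},
    ]}],
}
# CSAF remediation categories that describe fix status (mitigation/workaround do not).
FIX_CATEGORIES = {"vendor_fix", "none_available", "no_fix_planned"}

def product_names(tree):
    """Map product_id -> name from full_product_names and nested branches."""
    names = {p["product_id"]: p["name"] for p in tree.get("full_product_names", [])}
    stack = list(tree.get("branches", []))
    while stack:
        branch = stack.pop()
        if "product" in branch:
            names[branch["product"]["product_id"]] = branch["product"]["name"]
        stack.extend(branch.get("branches", []))
    return names

def fix_status(csaf, cve):
    """Return {product name: fix-status category} for one CVE in the advisory."""
    names = product_names(csaf.get("product_tree", {}))
    status = {}
    for vuln in csaf.get("vulnerabilities", []):
        if vuln.get("cve") != cve:
            continue
        for rem in vuln.get("remediations", []):
            if rem.get("category") in FIX_CATEGORIES:
                for pid in rem.get("product_ids", []):
                    status[names.get(pid, pid)] = rem["category"]
    return status

def triage(csaf, cve, inventory):
    """inventory: (asset tag, product name) pairs. Group asset tags by fix status."""
    status = fix_status(csaf, cve)
    groups = {}
    for asset, model in inventory:
        groups.setdefault(status.get(model, "not_listed"), []).append(asset)
    return groups
```

Assets that land in `none_available` or `no_fix_planned` are the ones that depend entirely on compensating controls such as physical access restrictions.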

Official resources

Publicly disclosed on 2025-02-11 in CISA ICSA-25-044-03, based on Siemens SSA-111547 and the corresponding CISA CSAF source item.