PatchSiren cyber security CVE debrief

CVE-2024-54015 Siemens CVE debrief

CVE-2024-54015 affects Siemens SIPROTEC 5 devices and related communication modules. The advisory says the devices do not properly validate SNMP GET requests, which can let a remote attacker retrieve sensitive information over SNMPv2. Siemens and CISA recommend restricting access to UDP/161, disabling SNMP if it is not needed, and applying product-specific updates.

Vendor: Siemens
Product: SIPROTEC 5 6MD84 (CP300)
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-02-11
Original CVE updated: 2025-08-12
Advisory published: 2025-02-11
Advisory updated: 2025-08-12

Who should care

OT/ICS operators, substations and grid asset owners, Siemens SIPROTEC 5 administrators, and security teams responsible for network-segmented industrial devices that may expose SNMP on UDP/161.

Technical summary

CISA’s CSAF advisory for CVE-2024-54015 describes a network-reachable information disclosure issue in Siemens SIPROTEC 5 products. The CVSS 3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N: the issue is reachable over the network with low attack complexity, requires no privileges and no user interaction, and has high impact on confidentiality with none on integrity or availability. The source notes that affected devices do not properly validate SNMP GET requests; an attacker may retrieve sensitive information via SNMPv2 GET requests using default credentials. The advisory lists 48 affected SIPROTEC 5 products and communication modules, with vendor fixes varying by product line.

Defensive priority

High for any exposed instance, especially where SNMP is reachable from untrusted or only coarsely segmented networks.

Recommended defensive actions

  • Restrict access to UDP/161 to trusted IP addresses only.
  • Disable the SNMP service in the communication modules if it is not required.
  • Apply the Siemens product-specific fixed version for the affected device or module (for example, the advisory lists V9.68, V9.83, V9.90, or V10.0 depending on product line).
  • Inventory SIPROTEC 5 assets and verify which communication modules and version lines are deployed.
  • Review OT network segmentation and monitoring for unnecessary SNMP exposure and unexpected SNMP traffic.
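One way to support the monitoring action above, as an added example that is not taken from the Siemens or CISA advisory: a passive check that decodes the BER header of datagrams seen on UDP/161 and flags SNMPv2c read requests from sources outside an allowlist or carrying a default community string. The allowlist address, the community names ("public" and "private" are common SNMP defaults, not values from the advisory), the function names and the sample packet are all constructed assumptions.

```python
import ipaddress

# Constructed values (assumptions): replace with your own inventory and policy.
TRUSTED_MANAGERS = [ipaddress.ip_network("10.20.0.10/32")]
# Widely used SNMP defaults, not taken from the advisory.
DEFAULT_COMMUNITIES = {b"public", b"private"}
READ_PDUS = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA5: "GetBulkRequest"}
# Constructed SNMPv2c GetRequest for sysDescr.0 with community "public".
SAMPLE_GET = bytes.fromhex(
    "302602010104067075626c6963a019020101020100020100"
    "300e300c06082b060102010101000500")

def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def parse_community_snmp(payload):
    """Return (version, community, pdu_tag) for SNMPv1/v2c, else None."""
    try:
        tag, body, _ = read_tlv(payload, 0)
        vtag, version, pos = read_tlv(body, 0)
        ctag, community, pos = read_tlv(body, pos)
        if (tag, vtag, ctag) != (0x30, 0x02, 0x04):  # SNMPv3 has a SEQUENCE here
            return None
        return int.from_bytes(version, "big"), community, body[pos]
    except (IndexError, ValueError):
        return None

def review_datagram(src_ip, payload):
    """Return findings for one datagram sent to UDP/161 on a protected device."""
    msg = parse_community_snmp(payload)
    if msg is None or msg[0] != 1 or msg[2] not in READ_PDUS:
        return []  # not an SNMPv2c read request (version field 1 = v2c)
    findings = [READ_PDUS[msg[2]]]
    if not any(ipaddress.ip_address(src_ip) in n for n in TRUSTED_MANAGERS):
        findings.append("source-not-allowlisted")
    if msg[1] in DEFAULT_COMMUNITIES:
        findings.append("default-community")
    return findings
```

Feed it the source address and UDP payload of each datagram a sensor or span port sees destined for UDP/161 on the protected devices; any non-empty result from a non-allowlisted source is worth an alert.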

Evidence notes

This debrief is based on the CISA CSAF advisory ICSA-25-044-05 and the linked Siemens product security advisory. The source advisory was published on 2025-02-11 and modified on 2025-08-12, when additional affected products and fixes were added. The source does not list KEV inclusion or known ransomware use.

Official resources

Publicly disclosed by Siemens through CISA advisory ICSA-25-044-05 on 2025-02-11; CISA updated the advisory through 2025-08-12 to expand the affected-product and fix information.