📧 info@ciso.sa | 📱 +966550939344 | Riyadh, Kingdom of Saudi Arabia
About FAQ Contact Us Terms of Service Privacy Policy 🌐 العربية
🔐

Welcome — Sign in or create an account for full access.

🔑 Sign In ✨ Register
🌐 العربية Sign In Create Account
🔧 Scheduled Maintenance — Saturday 2:00-4:00 AM AST. Some features may be temporarily unavailable.    ●   
💎
Pro Plan 50% Off Unlock all AI features, unlimited reports, and priority support. Upgrade
Search Center
ESC to close
navigate open Ctrl+K search
CISO Consulting
Global apt Financial Services, Banking HIGH 57m Global vulnerability Technology and Software Development HIGH 3h Global vulnerability Government and Federal Agencies CRITICAL 3h Global supply_chain Software Development and Open-Source Ecosystems HIGH 4h Global vulnerability Enterprise Software/SaaS MEDIUM 4h Global supply_chain Software Development HIGH 5h Global general Insurance/Risk Management HIGH 5h Global data_breach Enterprise Software / Information Technology CRITICAL 6h Global vulnerability Technology/Software CRITICAL 8h Global malware Social Media and Consumer Technology HIGH 8h Global apt Financial Services, Banking HIGH 57m Global vulnerability Technology and Software Development HIGH 3h Global vulnerability Government and Federal Agencies CRITICAL 3h Global supply_chain Software Development and Open-Source Ecosystems HIGH 4h Global vulnerability Enterprise Software/SaaS MEDIUM 4h Global supply_chain Software Development HIGH 5h Global general Insurance/Risk Management HIGH 5h Global data_breach Enterprise Software / Information Technology CRITICAL 6h Global vulnerability Technology/Software CRITICAL 8h Global malware Social Media and Consumer Technology HIGH 8h Global apt Financial Services, Banking HIGH 57m Global vulnerability Technology and Software Development HIGH 3h Global vulnerability Government and Federal Agencies CRITICAL 3h Global supply_chain Software Development and Open-Source Ecosystems HIGH 4h Global vulnerability Enterprise Software/SaaS MEDIUM 4h Global supply_chain Software Development HIGH 5h Global general Insurance/Risk Management HIGH 5h Global data_breach Enterprise Software / Information Technology CRITICAL 6h Global vulnerability Technology/Software CRITICAL 8h Global malware Social Media and Consumer Technology HIGH 8h
Vulnerabilities

CVE-2024-54017

Medium
CWE-334 — Weakness Type
Published: May 12, 2026  ·  Modified: May 15, 2026  ·  Source: NVD
CVSS v3
5.3
🔗 NVD Official
📄 Description (English)

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V11.0), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SA82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SA82 (CP150) (All versions < V11.0), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SD82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SD82 (CP150) (All versions < V11.0), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SJ81 (CP100) (All versions >= V7.80), SIPROTEC 5 7SJ81 (CP150) (All versions < V11.0), SIPROTEC 5 7SJ82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SJ82 (CP150) (All versions < V11.0), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SK82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SK82 (CP150) (All versions < V11.0), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SL82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SL82 (CP150) (All versions < V11.0), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7ST86 (CP300) (All versions < V11.0), SIPROTEC 5 7SX82 (CP150) (All versions < V11.0), SIPROTEC 5 7SX85 (CP300) (All versions < V11.0), SIPROTEC 5 7SY82 (CP150) (All versions < V11.0), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7UT82 (CP100) (All versions >= V7.80), SIPROTEC 5 7UT82 (CP150) (All versions < V11.0), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5 7VU85 (CP300) (All versions < V11.0), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V11.0). Affected devices do not use sufficiently random values to create session identifiers. This could allow an unauthenticated remote attacker to brute force a session identifier and gain read access to limited information from the web server without authorization.

🤖 AI Executive Summary

CVE-2024-54017 affects Siemens SIPROTEC 5 protective relays across 50+ device models due to insufficient randomness in session identifier generation (CWE-334). An unauthenticated remote attacker can brute force session IDs to gain unauthorized read access to web server information. With CVSS 5.3 (medium) and no patch currently available, this poses a significant risk to Saudi Arabia's critical power infrastructure, particularly affecting ARAMCO facilities and grid operators relying on these protection devices.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 29, 2026 09:36
🇸🇦 Saudi Arabia Impact Assessment
Critical impact on Energy sector (Saudi Aramco, SEC, regional power utilities) and Government infrastructure. SIPROTEC 5 devices are widely deployed in Saudi Arabia's electrical grid protection systems. Unauthorized session access could enable reconnaissance of grid topology, protection settings, and operational parameters. Secondary impact on Water/Desalination facilities (SWCC) and Industrial sectors using these relays. Risk of cascading failures if attackers combine this with other vulnerabilities to manipulate protection logic.
🏢 Affected Saudi Sectors
Energy (Saudi Aramco, SEC, regional utilities) Government (critical infrastructure) Water and Desalination (SWCC) Industrial Manufacturing Telecommunications (backup power systems)
⚖️ Saudi Risk Score (AI)
7.2
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:

1. Inventory all SIPROTEC 5 devices in your environment and identify affected models/versions listed in CVE description

2. Implement network segmentation: isolate protective relay management interfaces from untrusted networks

3. Restrict web server access to authorized personnel only using firewall rules and access control lists

4. Enable logging and monitoring of all web server access attempts to SIPROTEC 5 devices

5. Implement strong authentication mechanisms (multi-factor authentication where supported)



Patching Guidance:

- Upgrade to SIPROTEC 5 firmware version V11.0 or later for affected models (when available)

- For CP200/CP300 variants with version < V7.80, prioritize upgrade to V11.0

- Test patches in non-production environment first



Compensating Controls (until patch available):

- Deploy intrusion detection/prevention systems (IDS/IPS) to monitor for session brute force attempts

- Implement rate limiting on web server login endpoints

- Use VPN or secure tunneling for remote access to device management interfaces

- Disable web server access if not operationally required



Detection Rules:

- Monitor for multiple failed session attempts from same source IP

- Alert on unusual session ID patterns or rapid session creation

- Log all successful web server authentications with timestamp and source IP

- Baseline normal session duration and alert on anomalies
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:

1. قم بحصر جميع أجهزة SIPROTEC 5 في بيئتك وحدد النماذج والإصدارات المتأثرة المدرجة في وصف CVE

2. تطبيق تقسيم الشبكة: عزل واجهات إدارة المرحل الواقي عن الشبكات غير الموثوقة

3. تقييد الوصول إلى خادم الويب للموظفين المصرح لهم فقط باستخدام قواعد جدار الحماية وقوائم التحكم في الوصول

4. تفعيل تسجيل ومراقبة جميع محاولات الوصول إلى خادم الويب لأجهزة SIPROTEC 5

5. تطبيق آليات المصادقة القوية (المصادقة متعددة العوامل حيث يكون مدعوماً)



إرشادات التصحيح:

- ترقية إلى إصدار البرنامج الثابت SIPROTEC 5 V11.0 أو أحدث للنماذج المتأثرة (عند توفره)

- بالنسبة لمتغيرات CP200/CP300 بإصدار < V7.80، أولويات الترقية إلى V11.0

- اختبر التصحيحات في بيئة غير الإنتاج أولاً



الضوابط البديلة (حتى توفر التصحيح):

- نشر أنظمة كشف/منع الاختراق (IDS/IPS) لمراقبة محاولات القوة الغاشمة للجلسة

- تطبيق تحديد معدل على نقاط نهاية تسجيل الدخول بخادم الويب

- استخدام VPN أو نفق آمن للوصول البعيد إلى واجهات إدارة الجهاز

- تعطيل الوصول إلى خادم الويب إذا لم يكن مطلوباً تشغيلياً



قواعد الكشف:

- مراقبة محاولات الجلسة الفاشلة المتعددة من نفس عنوان IP المصدر

- تنبيه على أنماط معرف الجلسة غير العادية أو إنشاء الجلسة السريع

- تسجيل جميع المصادقات الناجحة لخادم الويب مع الطابع الزمني وعنوان IP المصدر

- خط أساس مدة الجلسة العادية والتنبيه على الشذوذ
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.5.1.1 - Access Control Policies (session management) ECC 2024 A.5.2.1 - User Registration and Access Rights Management ECC 2024 A.5.3.1 - Password Management ECC 2024 A.8.2.1 - User Access Management ECC 2024 A.8.3.1 - Access Rights Review
🔵 SAMA CSF
SAMA CSF ID.AM-1 - Asset Management (inventory SIPROTEC devices) SAMA CSF PR.AC-1 - Access Control Policy (restrict web server access) SAMA CSF PR.AC-2 - Physical and Logical Access Control SAMA CSF DE.CM-1 - Network Monitoring (detect brute force attempts) SAMA CSF RS.MI-2 - Incident Response and Management
🟡 ISO 27001:2022
ISO 27001:2022 A.5.15 - Access Control (session management) ISO 27001:2022 A.5.16 - Authentication ISO 27001:2022 A.5.18 - Cryptography (random number generation) ISO 27001:2022 A.8.3 - Access Control ISO 27001:2022 A.8.22 - Monitoring
📊 CVSS Score
5.3
/ 10.0 — Medium
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack VectorN — None / Network
Attack ComplexityL — Low / Local
Privileges RequiredN — None / Network
User InteractionN — None / Network
ScopeU — Unchanged
ConfidentialityL — Low / Local
IntegrityN — None / Network
AvailabilityN — None / Network
📋 Quick Facts
Severity Medium
CVSS Score5.3
CWECWE-334
EPSS0.03%
Exploit No
Patch ✗ No
Published 2026-05-12
Source Feed nvd
🇸🇦 Saudi Risk Score
7.2
/ 10.0 — Saudi Risk
Priority: HIGH
🏷️ Tags
CWE-334
⚡ Actions
🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details
Share this CVE
LinkedIn X / Twitter WhatsApp Telegram
📣 Found this valuable?
Share it with your cybersecurity network
in LinkedIn 𝕏 X / Twitter 💬 WhatsApp ✈ Telegram
🍪 Privacy Preferences
CISO Consulting — Compliant with Saudi Personal Data Protection Law (PDPL)
We use cookies and similar technologies to provide the best experience on our platform. You can choose which types you accept.
🔒
Essential Always On
Required for the website to function properly. Cannot be disabled.
📋 Sessions, CSRF tokens, authentication, language preferences
📊
Analytics
Help us understand how visitors use the site and improve performance.
📋 Page views, session duration, traffic sources, performance metrics
⚙️
Functional
Enable enhanced features like content personalization and preferences.
📋 Dark/light theme, font size, custom dashboards, saved filters
📣
Marketing
Used to deliver content and ads relevant to your interests.
📋 Campaign tracking, retargeting, social media analytics
Privacy Policy →
CISO AI Assistant
Ask anything · Documents · Support
🔐

Introduce Yourself

Enter your details to access the full assistant

Your info is private and never shared
💬
CyberAssist
Online · responds in seconds
5 / 5
🔐 Verify Your Identity

Enter your email to receive a verification code before submitting a support request.

Enter to send · / for commands 0 / 2000
CISO AI · Powered by Anthropic Claude
✦ Quick Survey Help Us Improve CISO Consulting Your feedback shapes the future of our platform — takes less than 2 minutes.
⚠ Please answer this question to continue

How would you rate your overall experience with our platform?

Rate from 1 (poor) to 5 (excellent)

🎉
Thank you!
Your response has been recorded.