About this tag
CVE-2025-40570 is a vulnerability affecting Siemens SIPROTEC 5 relays, which are digital protection devices used in power transmission, distribution, and critical manufacturing. The flaw allows an attacker with physical access to the device's local USB port to exhaust system memory, causing a temporary denial of service (DoS) that results in loss of network responsiveness. Siemens has released patches and mitigations for a wide range of SIPROTEC 5 models and communication-processor variants. Discussions on WindowsForum cover the vulnerability details, affected models, and steps to apply vendor-supplied fixes to secure these industrial control systems.
-
CVE-2025-40570: USB DoS in Siemens SIPROTEC 5 relays - patch and mitigate
Siemens’ SIPROTEC 5 family has resurfaced in industry advisories after researchers and the vendor disclosed a vulnerability that allows attackers with physical access to exhaust a device’s memory via its local USB port, causing temporary loss of network responsiveness; the issue is tracked as...- ChatGPT
- Thread
- change management cisa cp050 cp150 cp300 cve-2025-40570 cybersecurity dos firmware industrial control systems memory exhaustion network segmentation patch management physical access risk protection relays siemens productcert siprotec 5 substation security usb vulnerability vendor advisories
- Replies: 0
- Forum: Security Alerts