CVE-2024-52504

7.5 HIGH

📋 TL;DR

A vulnerability in Siemens SIPROTEC 4 protection devices allows unauthenticated remote attackers to cause a denial of service by exploiting improper handling of interrupted file transfer operations. Affected devices must be restarted to restore functionality. Numerous SIPROTEC 4 and SIPROTEC 4 Compact models are affected, either in all versions or in specific versions.

💻 Affected Systems

Products:
  • SIPROTEC 4 6MD61
  • SIPROTEC 4 6MD63
  • SIPROTEC 4 6MD66
  • SIPROTEC 4 6MD665
  • SIPROTEC 4 7SA522
  • SIPROTEC 4 7SA6
  • SIPROTEC 4 7SD5
  • SIPROTEC 4 7SD610
  • SIPROTEC 4 7SJ61
  • SIPROTEC 4 7SJ62
  • SIPROTEC 4 7SJ63
  • SIPROTEC 4 7SJ64
  • SIPROTEC 4 7SJ66
  • SIPROTEC 4 7SS52
  • SIPROTEC 4 7ST6
  • SIPROTEC 4 7UM61
  • SIPROTEC 4 7UM62
  • SIPROTEC 4 7UT612
  • SIPROTEC 4 7UT613
  • SIPROTEC 4 7UT63
  • SIPROTEC 4 7VE6
  • SIPROTEC 4 7VK61
  • SIPROTEC 4 7VU683
  • SIPROTEC 4 Compact 7RW80
  • SIPROTEC 4 Compact 7SD80
  • SIPROTEC 4 Compact 7SJ80
  • SIPROTEC 4 Compact 7SJ81
  • SIPROTEC 4 Compact 7SK80
  • SIPROTEC 4 Compact 7SK81
Versions: All versions for most models, < V4.78 for 7SA6, 7SD5, and 7SD610
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with file transfer functionality enabled, which is typically part of standard device management operations.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Critical infrastructure disruption with protection devices becoming unresponsive, requiring physical intervention and restart to restore power system protection functions.

🟠 Likely Case

Temporary denial of service affecting device availability until manual restart is performed, potentially disrupting monitoring and control functions.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls preventing unauthorized access to device management interfaces.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Vulnerability requires network access to device management interface but no authentication, making exploitation straightforward for attackers with network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V4.78 for affected models (7SA6, 7SD5, 7SD610), check Siemens advisory for other models

Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-400089.html

Restart Required: Yes

Instructions:

  1. Download firmware update from Siemens support portal.
  2. Follow Siemens firmware update procedures for SIPROTEC devices.
  3. Apply update during maintenance window.
  4. Restart device after update.
  5. Verify firmware version and functionality.

🔧 Temporary Workarounds

  • Network segmentation and access control (all): Restrict network access to SIPROTEC device management interfaces to authorized personnel only
  • Disable unnecessary file transfer services (all): If file transfer functionality is not required, disable it according to Siemens documentation

🧯 If You Can't Patch

  • Implement strict network segmentation with firewall rules blocking all unnecessary access to device management interfaces
  • Monitor for abnormal file transfer attempts and device unresponsiveness, and establish procedures for rapid device restart if DoS occurs

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via DIGSI 5 engineering tool or device web interface and compare with affected versions list

Check Version:

Use DIGSI 5 tool: Connect to device and check firmware version in device properties

Verify Fix Applied:

Verify firmware version is V4.78 or later for affected models, or check Siemens advisory for specific fixed versions per model
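
The version comparison described above can be run across an asset inventory. The following is an added example, not code from this page or from Siemens: the model names and the V4.78 threshold are taken from this page, while the inventory rows, status labels and function names are constructed for illustration. Model names are matched exactly as the page lists them.

```python
import re

# Per this page: affected below V4.78, fixed from V4.78.
FIXED_IN = {"7SA6": (4, 78), "7SD5": (4, 78), "7SD610": (4, 78)}
# Per this page: affected in all versions.
ALL_VERSIONS = {
    "6MD61", "6MD63", "6MD66", "6MD665", "7SA522", "7SJ61", "7SJ62", "7SJ63",
    "7SJ64", "7SJ66", "7SS52", "7ST6", "7UM61", "7UM62", "7UT612", "7UT613",
    "7UT63", "7VE6", "7VK61", "7VU683", "7RW80", "7SD80", "7SJ80", "7SJ81",
    "7SK80", "7SK81",
}

def parse_version(text):
    """Extract (major, minor) from strings like 'V4.78' or 'v04.77.03'."""
    m = re.search(r"(\d+)\.(\d+)", text or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def triage(model, firmware):
    """Classify one inventory row against the page's affected-versions list."""
    # Drop the product-line prefix so 'SIPROTEC 4 Compact 7SK80' becomes '7SK80'.
    name = re.sub(r"\bSIPROTEC\s*4\b|\bCompact\b", "", model, flags=re.I)
    name = name.strip().upper()
    if name in ALL_VERSIONS:
        return "AFFECTED_ALL_VERSIONS"   # mitigate; check the advisory for a fix
    if name in FIXED_IN:
        version = parse_version(firmware)
        if version is None:
            return "VERSION_UNKNOWN"     # treat as affected until read from device
        return "AFFECTED_UPDATE_TO_V4.78" if version < FIXED_IN[name] else "FIXED"
    return "NOT_LISTED"                  # model name not in this page's list

# Constructed sample inventory (model, reported firmware); not real asset data.
INVENTORY = [
    ("SIPROTEC 4 7SJ62", "V4.96"),
    ("7SA6", "V4.74"),
    ("SIPROTEC 4 7SD610", "V4.78"),
    ("SIPROTEC 4 Compact 7SK80", ""),
    ("7SD5", "unknown"),
    ("OTHER-RELAY-01", "V1.0"),
]

if __name__ == "__main__":
    for model, fw in INVENTORY:
        print(f"{model:28} {fw or '-':10} {triage(model, fw)}")
```

Rows reported as VERSION_UNKNOWN or NOT_LISTED need the firmware version read from the device and checked against the vendor advisory.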

📡 Detection & Monitoring

Log Indicators:

  • Abnormal file transfer interruptions
  • Device becoming unresponsive
  • Connection timeouts to device management interface
  • Unexpected device restarts

Network Indicators:

  • Unusual file transfer traffic patterns to protection devices
  • Multiple failed file transfer attempts from unauthorized sources

SIEM Query:

source="siprotec*" AND (event="file_transfer_error" OR event="device_unresponsive" OR event="connection_timeout")
