SIEMENS SIPROTEC 5 devices are vulnerable because their session identifiers are not generated from sufficiently random numbers, potentially allowing an unauthenticated remote attacker to hijack a valid user session by brute-forcing the ID, according to the ICS Advisory published by CISA. The vulnerability, identified as CVE-2024-54017, affects a wide range of SIPROTEC 5 products across CP300, CP200, CP100, CP150 and other model families, with specific versions listed in the advisory.
Affected products could allow read access to limited information from the web server without authorisation. At present there are no fixes available, though vendor fixes are promised in versions V11.0 or later, with several links provided to Siemens support pages. This advisory, published on 14 May 2026, notes that Siemens ProductCERT reported the vulnerability to CISA, according to Siemens ProductCERT. Operators are advised to implement defensive measures, minimise network exposure, and apply security updates once available.