### [CVE-2024-53649](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53649)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%206MD84%20(CP300)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%206MD85%20(CP300)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%206MD86%20(CP300)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%206MD89%20(CP300)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%206MU85%20(CP300)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207KE85%20(CP300)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207SA82%20(CP100)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207SA82%20(CP150)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207SA86%20(CP300)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207SA87%20(CP300)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207SD82%20(CP100)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207SD82%20(CP150)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207SD86%20(CP300)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207SD87%20(CP300)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207SJ81%20(CP100)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207SJ81%20(CP150)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207SJ82%20(CP100)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207SJ82%20(CP150)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207SJ85%20(CP300)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207SJ86%20(CP300)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207SK82%20(CP100)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207SK82%20(CP150)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207SK85%20(CP300)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207SL82%20(CP100)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207SL82%20(CP150)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207SL86%20(CP300)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207SL87%20(CP300)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207SS85%20(CP300)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207ST85%20(CP300)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207ST86%20(CP300)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207SX82%20(CP150)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207SX85%20(CP300)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207SY82%20(CP150)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207UM85%20(CP300)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207UT82%20(CP100)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207UT82%20(CP150)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207UT85%20(CP300)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207UT86%20(CP300)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207UT87%20(CP300)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207VE85%20(CP300)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207VK87%20(CP300)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%207VU85%20(CP300)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=SIPROTEC%205%20Compact%207SX800%20(CP050)&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=V7.80%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-552%3A%20Files%20or%20Directories%20Accessible%20to%20External%20Parties&color=brightgreen)

### Description

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.80), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80 < V9.68), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SA82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SA82 (CP150) (All versions < V9.80), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SD82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SD82 (CP150) (All versions < V9.80), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SJ81 (CP100) (All versions >= V7.80), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.80), SIPROTEC 5 7SJ82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.80), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SK82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SK82 (CP150) (All versions < V9.80), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SL82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SL82 (CP150) (All versions < V9.80), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7ST85 (CP300) (All versions < V9.68), SIPROTEC 5 7ST86 (CP300) (All versions < V9.80), SIPROTEC 5 7SX82 (CP150) (All versions < V9.80), SIPROTEC 5 7SX85 (CP300) (All versions < V9.80), SIPROTEC 5 7SY82 (CP150) (All versions < V9.80), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7UT82 (CP100) (All versions >= V7.80), SIPROTEC 5 7UT82 (CP150) (All versions < V9.80), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7VU85 (CP300) (All versions < V9.80), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.80). Affected devices do not properly limit the path accessible via their webserver.  This could allow an authenticated remote attacker to read arbitrary files from the filesystem of affected devices.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds