What is CVE-2021-33719?

A critical vulnerability has been identified in Siemens SIPROTEC 5 relays. Attackers could exploit specially crafted packets to cause a Denial-of-Service condition or potential remote code execution. Immediate action is required to mitigate risks associated with this vulnerability.

What is the severity of CVE-2021-33719?

CVE-2021-33719 has a severity rating of CRITICAL with a CVSS base score of 9.8.

CVE-2021-33719 | Critical Vulnerability in Siemens SIPROTEC 5

A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050, CP100, and CP300, affecting all versions prior to V8.80. This vulnerability allows specially crafted packets sent to port 4443/tcp to cause a Denial-of-Service condition or potential remote code execution. With a CVSS score of 9.8, this vulnerability is classified as critical, highlighting its serious implications for affected systems.

Organizations utilizing Siemens SIPROTEC 5 relays should be particularly vigilant, as the exploitation of this vulnerability could lead to significant operational disruptions and security breaches. The urgency is underscored by the potential for remote code execution, which could allow attackers to gain control over systems.

Currently, there are no public exploits confirmed for this vulnerability, but the nature of the vulnerability poses a high risk. Organizations should prioritize patching to mitigate this risk immediately.

Timely remediation is critical to prevent unauthorized access and maintain system integrity. Organizations should address this vulnerability in their priority patch cycle to ensure their systems remain secure.

Vulnerability Details

The official description states that this vulnerability affects SIPROTEC 5 relays with CPU variants CP050, CP100, and CP300, specifically all versions prior to V8.80. The vulnerability is classified under CWE-120, indicating a potential buffer copy without checking the size of the input.

The CVSS score of 9.8 reflects the critical severity level, indicating high impacts on confidentiality, integrity, and availability. The potential for remote code execution adds to the gravity of this vulnerability.

Technical Analysis

The root cause of this vulnerability stems from improper handling of specially crafted packets, leading to the possibility of a crash or unauthorized code execution. The attack vector is network-based, with low complexity and no privileges required for exploitation. User interaction is also not necessary, making this vulnerability particularly dangerous.

Exploiting this vulnerability could allow attackers to impact confidentiality, integrity, and availability, potentially leading to extensive damage across affected systems.

Risk & Impact Analysis

The real-world deployment risk associated with this vulnerability is significant. Organizations using Siemens SIPROTEC 5 relays may face operational disruptions, data breaches, and reputational damage if exploited. Given the high CVSS score and the potential for remote code execution, the blast radius of an attack could be extensive, affecting numerous systems.

Organizations must assess their exposure and prioritize remediation actions. The urgency for patching is critical, as attackers may actively seek to exploit this vulnerability to gain unauthorized access.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected versions include all SIPROTEC 5 relays with CPU variants CP050, CP100, and CP300, specifically those running versions prior to V8.80.

Mitigation & Remediation

Organizations must apply the available patches provided by Siemens for this vulnerability. Upgrading to SIPROTEC 5 relays with CPU variants CP050, CP100, and CP300 to version 8.80 or later is essential. If patches are not immediately available, organizations should consider implementing network segmentation and access controls to mitigate exposure.

Continuous security testing can also be employed to uncover similar vulnerabilities in the network.

Detection Guidance

Organizations should monitor logs for unusual traffic patterns directed at port 4443/tcp, analyze system behavior for anomalies, and utilize intrusion detection systems to identify potential exploitation attempts. Any unexpected system changes should be investigated promptly.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2021-33719 underscores the need for organizations to maintain robust security practices. This vulnerability highlights a trend in the increasing complexity of attack vectors, necessitating a comprehensive security posture.

Understanding penetration testing methodologies can help organizations identify weaknesses before they can be exploited.

Implementing a vulnerability management program is vital to ongoing security and helps in tracking and mitigating vulnerabilities effectively.

Leveraging API security testing can also enhance the security framework against similar vulnerabilities.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2021-33719: Critical Vulnerability in Siemens SIPROTEC 5