The vulnerability enables authenticated users to upload arbitrary files using the DIGSI 5 protocol. This allows attackers to place malicious configuration files on the device, potentially causing a denial‑of‑service condition and, in some cases, enabling remote code execution. The CWE classification is 434, indicating an unrestricted file upload flaw that lacks proper validation of file types and content.

Affected products are Siemens SIPROTEC 5 devices, including models 6MD84, 6MD85, 6MD86, 6MD89, 6MU85, 7KE85, 7SA82, 7SA86, 7SA87, 7SD82, 7SD86, 7SD87, 7SJ81, 7SJ82, 7SJ85, 7SJ86, 7SK82, 7SK85, 7SL82, 7SL86, 7SL87, 7SS85, 7ST85, 7ST86, 7SX82, 7SX85, 7SY82, 7UM85, 7UT82, 7UT85, 7UT86, 7UT87, 7VE85, 7VK87, 7VU85, Compact 7SX800, all listed in their CP series revisions as noted in the CNA data. All versions of each listed model are impacted.

The CVSS score of 6.9 indicates a moderate severity. Because authentication is required, the attack vector is credential‑based and could be achieved by an authorized user or through compromised credentials; the attacker can upload a malicious file which may be executed by the control software or used to disrupt operation. No EPSS value is published, and the vulnerability is not currently in the CISA KEV catalog, suggesting limited publicly documented exploit activity to date. Nevertheless, the possibility of code execution and denial of service makes it a priority for immediate attention.