Cyber·Monitoring
Shai-Hulud Supply-Chain Attack Trojanizes 19 PyPI Packages
PyPI repository (global online service)· Global4 Jun
5 reportsPROPCYCAS
MediumAI Refreshed
ClosedMedium impactAI Generated
Siemens SIPROTEC 5 ICS Vulnerability – Session Identifier Brute-Force Risk
Occurred 12 May 2026·Detected 23 May 2026·
🇩🇪 Worldwide deployment of Siemens SIPROTEC 5 devices; vendor headquartered in Germany1 reportEnded 29 May 2026
CyberEnergy
CISA has republished a Siemens ProductCERT advisory identifying a vulnerability (CVE-2024-54017) in Siemens SIPROTEC 5 protective relay devices. The flaw involves insufficiently random session identifiers, enabling unauthenticated remote attackers to brute-force valid session IDs and gain limited read access to web server data. Dozens of device variants across multiple firmware versions are affected. SIPROTEC 5 devices are widely deployed in critical power infrastructure globally. Siemens is preparing patches and recommends network segmentation and VPN mitigations in the interim.
AI-generated from linked source reports. See our correction policy.
Impact verdict
Medium impact. MEDIUM: Second-pass historical recalibration. This cyber advisory or vulnerability item is relevant to Cyber and technology-dependent Property/Casualty books, but it does not evidence confirmed insured loss, claims activity, ransomware/business interruption, critical infrastructure outage, or quantified market impact sufficient for HIGH.
View assessment methodologyHow we grade what we know -- Known · Reported · Uncertain. Methodology →
Affected countries
🇩🇪 Germany🇬🇱 GLOBAL
Timeline
Closure2 Jun 2026, 13:05
Event Closed
auto_closed_monitoring_timeout
Status Change2 Jun 2026, 13:05
Lifecycle changed
monitoring → closed
Status Change29 May 2026, 05:30
Status changed to monitoring
Auto-transitioned: no updates for 6 hours
active → monitoring
Status Change28 May 2026, 22:34
Status changed to active
evidence_trigger: authoritative_fast_track
signal → active
Initial Detection23 May 2026, 21:34
Initial Detection
CISA has republished a Siemens ProductCERT advisory identifying a vulnerability (CVE-2024-54017) in Siemens SIPROTEC 5 protective relay devices. The flaw involves insufficiently random session identifiers, enabling unauthenticated remote attackers to brute-force valid session IDs and gain limited read access to web server data. Dozens of device variants across multiple firmware versions are affected. SIPROTEC 5 devices are widely deployed in critical power infrastructure globally. Siemens is preparing patches and recommends network segmentation and VPN mitigations in the interim.
Affected devices do not use sufficiently random values to create session identifiers. This could allow an unauthenticated remote attacker to brute force a session identifier and gain read access to limited information from the web server without authorization.
Source: CISA Advisories (Official Advisory) · View source
Lloyd's classifications
Tracking this kind of risk? Get an email when Cyber events escalate.
Get alerts