Security Flaw in EN100 Ethernet Module by Siemens
CVE-2016-4784

5.3MEDIUM

Key Information:

Vendor: Siemens
Status: Siprotec Firmware
Vendor: CVE Published:; 31 May 2016

🔔 Create Siemens Vulnerability Alert

What is CVE-2016-4784?

A security vulnerability exists in the EN100 Ethernet module that allows remote attackers to access sensitive device information via its integrated web server on port 80/tcp. This exposure affects specific firmware variants, potentially compromising the integrity of the network and device functionality.

References

http://www.siemens.com/cert/pool/cert/siemens_security_ad...

x_refsource_CONFIRM

https://ics-cert.us-cert.gov/advisories/ICSA-16-140-02

x_refsource_MISC

https://www.siemens.com/cert/pool/cert/siemens_security_a...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 31, 2016
Vulnerability Reserved
May 11, 2016

.

CVE-2016-4784 : Security Flaw in EN100 Ethernet Module by Siemens