Authentication Bypass in EN100 Ethernet Module by Siemens
CVE-2016-7114

8.8HIGH

Key Information:

Vendor
Siemens
Status
En100 Ethernet Module Firmware
Vendor
CVE Published:
6 September 2016

Summary

A significant vulnerability exists in the Siemens EN100 Ethernet module, affecting several firmware variants and leading to potential authentication bypass. Attackers who have network access to the device's web interface, particularly on the TCP port 80, may exploit this flaw to perform unauthorized administrative operations. This requires a legitimate user to be logged in, making the integrity of user sessions crucial for security. Users and administrators should ensure they are running the latest firmware versions to mitigate this risk.

References

http://www.securityfocus.com/bid/92745
vdb-entryx_refsource_BID
https://www.siemens.com/cert/pool/cert/siemens_security_a...
x_refsource_CONFIRM
https://ics-cert.us-cert.gov/advisories/ICSA-17-187-03
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.