Denial-of-Service Vulnerability in EN100 Ethernet Module by Siemens
CVE-2018-16563

5.9MEDIUM

Key Information:

Vendor: Siemens
Status: Firmware Variant Iec 61850 For En100 Ethernet Module; Firmware Variant Modbus Tcp For En100 Ethernet Module; Firmware Variant Dnp3 Tcp For En100 Ethernet Module; Firmware Variant Iec104 For En100 Ethernet Module
Vendor: CVE Published:; 21 March 2019

Summary

A vulnerability in the EN100 Ethernet module variants by Siemens allows an attacker to exploit specially crafted packets sent to port 102/tcp, resulting in a denial-of-service condition. This could compromise the availability of network functionality for the affected systems, requiring a manual restart of the EN100 module for recovery. Successful exploitation necessitates network access with IEC 61850-MMS communication enabled, and no user interaction or privileges are needed to execute the attack. At the time of advisory publication, there was no known public exploitation of this vulnerability.

Affected Version(s)

Firmware variant DNP3 TCP for EN100 Ethernet module All versions

Firmware variant IEC 61850 for EN100 Ethernet module All versions < V4.35

Firmware variant IEC104 for EN100 Ethernet module All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-10408...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 21, 2019
Vulnerability Reserved
Sep 6, 2018