CVE-2018-4838

7.5HIGH

Key Information:

Vendor: Siemens
Status: En100 Ethernet Module Iec 61850 Variant; En100 Ethernet Module Dnp3 Variant; En100 Ethernet Module Profinet Io Variant; En100 Ethernet Module Modbus Tcp Variant
Vendor: CVE Published:; 8 March 2018

Summary

A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions < V1.22). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.

Affected Version(s)

EN100 Ethernet module DNP3 variant All versions < V1.04

EN100 Ethernet module IEC 104 variant All versions < V1.22

EN100 Ethernet module IEC 61850 variant All versions < V4.30

References

https://cert-portal.siemens.com/productcert/pdf/ssa-84587...

x_refsource_CONFIRM

https://www.securityfocus.com/bid/103379

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 8, 2018
Vulnerability Reserved
Jan 2, 2018