Remote Code Execution Vulnerability in Siemens DIGSI 4 and EN100 Ethernet Modules
CVE-2018-4840

7.5HIGH

Key Information:

Vendor: Siemens
Status: Digsi 4; En100 Ethernet Module Dnp3 Variant; En100 Ethernet Module Iec 104 Variant; En100 Ethernet Module Iec 61850 Variant
Vendor: CVE Published:; 8 March 2018

What is CVE-2018-4840?

A vulnerability exists in Siemens DIGSI 4 and various EN100 Ethernet modules that enables an unauthenticated remote attacker to upload modified device configurations. This can result in overwriting access authorization passwords, potentially compromising the integrity and security of the devices involved. The affected modules include several variants such as DNP3, IEC 104, IEC 61850, Modbus TCP, and PROFINET IO, making it imperative for users to apply the necessary updates to mitigate risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

DIGSI 4 All versions < V4.92

EN100 Ethernet module DNP3 variant All versions < V1.05.00

EN100 Ethernet module IEC 104 variant All versions

References

https://cert-portal.siemens.com/productcert/pdf/ssa-20330...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 8, 2018
Vulnerability Reserved
Jan 2, 2018

JSON

Siemens

What is CVE-2018-4840?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.