Buffer Overflow Vulnerability in EN100 Ethernet Module by Siemens
CVE-2019-13942

7.5 HIGH

Summary

A buffer overflow vulnerability affects several variants of the Siemens EN100 Ethernet module: all versions of the DNP3, IEC104, Modbus TCP, and PROFINET IO variants, and versions of the IEC 61850 variant below V4.37. An unauthorized user can trigger the flaw by sending specially crafted packets to the webserver of an affected module, potentially causing a Denial-of-Service condition. After exploitation, a device may require a manual restart to recover fully. At the time of advisory publication, there was no known public exploitation of this issue.

Affected Version(s)

EN100 Ethernet module DNP3 variant: All versions

EN100 Ethernet module IEC 61850 variant: All versions < V4.37

EN100 Ethernet module IEC104 variant: All versions

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
