Information Disclosure in EN100 Ethernet Modules by Siemens
CVE-2019-13944
5.3MEDIUM
Key Information:
- Vendor
- Siemens Ag
- Status
- Vendor
- CVE Published:
- 12 December 2019
Summary
A vulnerability exists in the integrated web server of the EN100 Ethernet modules by Siemens, impacting various communication protocol variants. This flaw could allow unauthorized attackers to access sensitive information, such as device logs and configurations, which could compromise the integrity and security of the systems utilizing these modules. At the time of advisory publication, there were no known public exploits targeting this security issue.
Affected Version(s)
EN100 Ethernet module DNP3 variant All versions
EN100 Ethernet module IEC 61850 variant All versions < V4.37
EN100 Ethernet module IEC104 variant All versions
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved