Information Disclosure in EN100 Ethernet Modules by Siemens
CVE-2019-13944

5.3MEDIUM

Summary

A vulnerability exists in the integrated web server of the EN100 Ethernet modules by Siemens, impacting various communication protocol variants. This flaw could allow unauthorized attackers to access sensitive information, such as device logs and configurations, which could compromise the integrity and security of the systems utilizing these modules. At the time of advisory publication, there were no known public exploits targeting this security issue.

Affected Version(s)

EN100 Ethernet module DNP3 variant All versions

EN100 Ethernet module IEC 61850 variant All versions < V4.37

EN100 Ethernet module IEC104 variant All versions

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.