Search criteria
2 vulnerabilities found for Other SIPROTEC 4 relays by Siemens
CVE-2018-4839 (GCVE-0-2018-4839)
Vulnerability from cvelistv5 – Published: 2018-03-08 17:00 – Updated: 2024-08-05 05:18
VLAI?
Summary
A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions < V4.70), SIPROTEC 4 7SJ61 (All versions < V4.96), SIPROTEC 4 7SJ62 (All versions < V4.96), SIPROTEC 4 7SJ64 (All versions < V4.96), SIPROTEC 4 7SJ66 (All versions < V4.30), SIPROTEC Compact 7SJ80 (All versions < V4.77), SIPROTEC Compact 7SK80 (All versions < V4.77). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords.
Severity ?
No CVSS data available.
CWE
- CWE-326 - Inadequate Encryption Strength
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | DIGSI 4 |
Affected:
All versions < V4.92
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:18:26.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DIGSI 4",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.92"
}
]
},
{
"product": "EN100 Ethernet module DNP3 variant",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.05.00"
}
]
},
{
"product": "EN100 Ethernet module IEC 104 variant",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "EN100 Ethernet module IEC 61850 variant",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.30"
}
]
},
{
"product": "EN100 Ethernet module Modbus TCP variant",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "EN100 Ethernet module PROFINET IO variant",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Other SIPROTEC 4 relays",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Other SIPROTEC Compact relays",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIPROTEC 4 7SD80",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.70"
}
]
},
{
"product": "SIPROTEC 4 7SJ61",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.96"
}
]
},
{
"product": "SIPROTEC 4 7SJ62",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.96"
}
]
},
{
"product": "SIPROTEC 4 7SJ64",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.96"
}
]
},
{
"product": "SIPROTEC 4 7SJ66",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.30"
}
]
},
{
"product": "SIPROTEC Compact 7SJ80",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.77"
}
]
},
{
"product": "SIPROTEC Compact 7SK80",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.77"
}
]
}
],
"datePublic": "2018-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in DIGSI 4 (All versions \u003c V4.92), EN100 Ethernet module DNP3 variant (All versions \u003c V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions \u003c V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions \u003c V4.70), SIPROTEC 4 7SJ61 (All versions \u003c V4.96), SIPROTEC 4 7SJ62 (All versions \u003c V4.96), SIPROTEC 4 7SJ64 (All versions \u003c V4.96), SIPROTEC 4 7SJ66 (All versions \u003c V4.30), SIPROTEC Compact 7SJ80 (All versions \u003c V4.77), SIPROTEC Compact 7SK80 (All versions \u003c V4.77). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "CWE-326: Inadequate Encryption Strength",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-13T11:02:46",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-4839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DIGSI 4",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.92"
}
]
}
},
{
"product_name": "EN100 Ethernet module DNP3 variant",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.05.00"
}
]
}
},
{
"product_name": "EN100 Ethernet module IEC 104 variant",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "EN100 Ethernet module IEC 61850 variant",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.30"
}
]
}
},
{
"product_name": "EN100 Ethernet module Modbus TCP variant",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "EN100 Ethernet module PROFINET IO variant",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Other SIPROTEC 4 relays",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Other SIPROTEC Compact relays",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIPROTEC 4 7SD80",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.70"
}
]
}
},
{
"product_name": "SIPROTEC 4 7SJ61",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.96"
}
]
}
},
{
"product_name": "SIPROTEC 4 7SJ62",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.96"
}
]
}
},
{
"product_name": "SIPROTEC 4 7SJ64",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.96"
}
]
}
},
{
"product_name": "SIPROTEC 4 7SJ66",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.30"
}
]
}
},
{
"product_name": "SIPROTEC Compact 7SJ80",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.77"
}
]
}
},
{
"product_name": "SIPROTEC Compact 7SK80",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.77"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in DIGSI 4 (All versions \u003c V4.92), EN100 Ethernet module DNP3 variant (All versions \u003c V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions \u003c V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions \u003c V4.70), SIPROTEC 4 7SJ61 (All versions \u003c V4.96), SIPROTEC 4 7SJ62 (All versions \u003c V4.96), SIPROTEC 4 7SJ64 (All versions \u003c V4.96), SIPROTEC 4 7SJ66 (All versions \u003c V4.30), SIPROTEC Compact 7SJ80 (All versions \u003c V4.77), SIPROTEC Compact 7SK80 (All versions \u003c V4.77). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-326: Inadequate Encryption Strength"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2018-4839",
"datePublished": "2018-03-08T17:00:00",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-08-05T05:18:26.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-4839 (GCVE-0-2018-4839)
Vulnerability from nvd – Published: 2018-03-08 17:00 – Updated: 2024-08-05 05:18
VLAI?
Summary
A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions < V4.70), SIPROTEC 4 7SJ61 (All versions < V4.96), SIPROTEC 4 7SJ62 (All versions < V4.96), SIPROTEC 4 7SJ64 (All versions < V4.96), SIPROTEC 4 7SJ66 (All versions < V4.30), SIPROTEC Compact 7SJ80 (All versions < V4.77), SIPROTEC Compact 7SK80 (All versions < V4.77). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords.
Severity ?
No CVSS data available.
CWE
- CWE-326 - Inadequate Encryption Strength
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | DIGSI 4 |
Affected:
All versions < V4.92
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:18:26.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DIGSI 4",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.92"
}
]
},
{
"product": "EN100 Ethernet module DNP3 variant",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.05.00"
}
]
},
{
"product": "EN100 Ethernet module IEC 104 variant",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "EN100 Ethernet module IEC 61850 variant",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.30"
}
]
},
{
"product": "EN100 Ethernet module Modbus TCP variant",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "EN100 Ethernet module PROFINET IO variant",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Other SIPROTEC 4 relays",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "Other SIPROTEC Compact relays",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIPROTEC 4 7SD80",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.70"
}
]
},
{
"product": "SIPROTEC 4 7SJ61",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.96"
}
]
},
{
"product": "SIPROTEC 4 7SJ62",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.96"
}
]
},
{
"product": "SIPROTEC 4 7SJ64",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.96"
}
]
},
{
"product": "SIPROTEC 4 7SJ66",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.30"
}
]
},
{
"product": "SIPROTEC Compact 7SJ80",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.77"
}
]
},
{
"product": "SIPROTEC Compact 7SK80",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.77"
}
]
}
],
"datePublic": "2018-03-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in DIGSI 4 (All versions \u003c V4.92), EN100 Ethernet module DNP3 variant (All versions \u003c V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions \u003c V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions \u003c V4.70), SIPROTEC 4 7SJ61 (All versions \u003c V4.96), SIPROTEC 4 7SJ62 (All versions \u003c V4.96), SIPROTEC 4 7SJ64 (All versions \u003c V4.96), SIPROTEC 4 7SJ66 (All versions \u003c V4.30), SIPROTEC Compact 7SJ80 (All versions \u003c V4.77), SIPROTEC Compact 7SK80 (All versions \u003c V4.77). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "CWE-326: Inadequate Encryption Strength",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-13T11:02:46",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-4839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DIGSI 4",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.92"
}
]
}
},
{
"product_name": "EN100 Ethernet module DNP3 variant",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.05.00"
}
]
}
},
{
"product_name": "EN100 Ethernet module IEC 104 variant",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "EN100 Ethernet module IEC 61850 variant",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.30"
}
]
}
},
{
"product_name": "EN100 Ethernet module Modbus TCP variant",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "EN100 Ethernet module PROFINET IO variant",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Other SIPROTEC 4 relays",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "Other SIPROTEC Compact relays",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIPROTEC 4 7SD80",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.70"
}
]
}
},
{
"product_name": "SIPROTEC 4 7SJ61",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.96"
}
]
}
},
{
"product_name": "SIPROTEC 4 7SJ62",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.96"
}
]
}
},
{
"product_name": "SIPROTEC 4 7SJ64",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.96"
}
]
}
},
{
"product_name": "SIPROTEC 4 7SJ66",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.30"
}
]
}
},
{
"product_name": "SIPROTEC Compact 7SJ80",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.77"
}
]
}
},
{
"product_name": "SIPROTEC Compact 7SK80",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.77"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in DIGSI 4 (All versions \u003c V4.92), EN100 Ethernet module DNP3 variant (All versions \u003c V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions \u003c V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions \u003c V4.70), SIPROTEC 4 7SJ61 (All versions \u003c V4.96), SIPROTEC 4 7SJ62 (All versions \u003c V4.96), SIPROTEC 4 7SJ64 (All versions \u003c V4.96), SIPROTEC 4 7SJ66 (All versions \u003c V4.30), SIPROTEC Compact 7SJ80 (All versions \u003c V4.77), SIPROTEC Compact 7SK80 (All versions \u003c V4.77). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-326: Inadequate Encryption Strength"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2018-4839",
"datePublished": "2018-03-08T17:00:00",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-08-05T05:18:26.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}