Search criteria
17 vulnerabilities found for SIPROTEC by Siemens
CERTFR-2025-AVI-0566
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | Totally Integrated Automation Portal (TIA Portal) V20 versions antérieures à V20 Update 3 | ||
| Siemens | SIPROTEC | SIPROTEC 5 toutes versions pour la vulnérabilité CVE-2025-40742 | ||
| Siemens | N/A | Totally Integrated Automation Portal (TIA Portal) V19 toutes versions pour la vulnérabilité CVE-2025-27127 | ||
| Siemens | SICAM | SICAM TOOLBOX II versions antérieures à V07.11 | ||
| Siemens | N/A | Totally Integrated Automation Portal (TIA Portal) V18 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-27127. | ||
| Siemens | N/A | Totally Integrated Automation Portal (TIA Portal) V17 toutes versions. L'éditeur indique que le produit ne bénéficiera pas de correctif de sécurité pour la vulnérabilité CVE-2025-27127. | ||
| Siemens | SIMATIC | SIMATIC CN 4100 versions antérieures à V4.0 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Totally Integrated Automation Portal (TIA Portal) V20 versions ant\u00e9rieures \u00e0 V20 Update 3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-40742",
"product": {
"name": "SIPROTEC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Totally Integrated Automation Portal (TIA Portal) V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-27127",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM TOOLBOX II versions ant\u00e9rieures \u00e0 V07.11",
"product": {
"name": "SICAM",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Totally Integrated Automation Portal (TIA Portal) V18 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-27127.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Totally Integrated Automation Portal (TIA Portal) V17 toutes versions. L\u0027\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-27127.",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CN 4100 versions ant\u00e9rieures \u00e0 V4.0",
"product": {
"name": "SIMATIC",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-31853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31853"
},
{
"name": "CVE-2025-40593",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40593"
},
{
"name": "CVE-2024-31854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31854"
},
{
"name": "CVE-2025-27127",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27127"
},
{
"name": "CVE-2025-40742",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40742"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0566",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Siemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-904646",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-904646.html"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-460466",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-460466.html"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-183963",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-183963.html"
},
{
"published_at": "2025-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-626991",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-626991.html"
}
]
}
VAR-201903-1129
Vulnerability from variot - Updated: 2023-12-18 13:48A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.35), Firmware variant MODBUS TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions), Firmware variant Profinet IO for EN100 Ethernet module (All versions), SIPROTEC 5 relays with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.82), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.58). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the affected products. A manual restart is required to recover the EN100 module functionality of the affected devices. Successful exploitation requires an attacker with network access to send multiple packets to the affected products or modules. As a precondition the IEC 61850-MMS communication needs to be activated on the affected products or modules. No user interaction or privileges are required to exploit the vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. plural Siemens The product firmware contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Siemens EN100 Ethernet Communication module and SIPROTEC 5 Relays are prone to denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application or consume excess memory, denying service to legitimate users
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-1129",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "siprotec 5 with cpu variant cp100",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.82"
},
{
"model": "en100 ethernet module with variant iec104",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module with variant iec 61850",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.35"
},
{
"model": "siprotec 5 with cpu variant cp300",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.82"
},
{
"model": "en100 ethernet module with variant dnp3 tcp",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec 5 with cpu variant cp200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.58"
},
{
"model": "en100 ethernet module with variant profinet io",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module with variant modbus tcp",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "cp100",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "7.82"
},
{
"model": "cp200",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "7.58"
},
{
"model": "cp300",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "7.82"
},
{
"model": "dnp3 tcp",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "en100 module",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "iec 61850",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "iec104",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "modbus tcp",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "profinet io",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "50"
},
{
"model": "profinet io for en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "modbus tcp for en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "iec104 for en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "iec for en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "618500"
},
{
"model": "en100 ethernet module",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec cp300",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "57.82"
},
{
"model": "siprotec cp200",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "57.58"
},
{
"model": "siprotec cp100",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "57.82"
},
{
"model": "en100 ethernet module iec",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "618504.35"
}
],
"sources": [
{
"db": "BID",
"id": "107007"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015215"
},
{
"db": "NVD",
"id": "CVE-2018-16563"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:siprotec_5_with_cpu_variant_cp100:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.82",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:siprotec_5_with_cpu_variant_cp300:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.82",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:siprotec_5_with_cpu_variant_cp200:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.58",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:7um85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sd87:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sd82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sl82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ut82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ut86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6md85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6md86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ss85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sj86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sk82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sk85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sj82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sj85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sl87:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7vk87:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sa82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sa86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ke85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sa87:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sd86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sl86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ut85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ut87:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:en100_ethernet_module_with_firmware_variant_modbus_tcp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:en100_ethernet_module_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:en100_ethernet_module_with_firmware_variant_profinet_io:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:en100_ethernet_module_with_firmware_variant_iec104:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:en100_ethernet_module_with_firmware_variant_dnp3_tcp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:en100_ethernet_module_with_firmware_variant_iec_61850:4.35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:en100_ethernet_module:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16563"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lars Lengersdorf from Amprion GmbH,Lars Lengersdorf from Amprion GmbH reported this vulnerability to Siemens.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-537"
}
],
"trust": 0.6
},
"cve": "CVE-2018-16563",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-16563",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-126935",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-16563",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-16563",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-537",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-126935",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126935"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015215"
},
{
"db": "NVD",
"id": "CVE-2018-16563"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-537"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions \u003c V4.35), Firmware variant MODBUS TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions), Firmware variant Profinet IO for EN100 Ethernet module (All versions), SIPROTEC 5 relays with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions \u003c V7.82), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions \u003c V7.58). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the affected products. A manual restart is required to recover the EN100 module functionality of the affected devices. Successful exploitation requires an attacker with network access to send multiple packets to the affected products or modules. As a precondition the IEC 61850-MMS communication needs to be activated on the affected products or modules. No user interaction or privileges are required to exploit the vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. plural Siemens The product firmware contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Siemens EN100 Ethernet Communication module and SIPROTEC 5 Relays are prone to denial-of-service vulnerability. \nAttackers can exploit this issue to crash the affected application or consume excess memory, denying service to legitimate users",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-16563"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015215"
},
{
"db": "BID",
"id": "107007"
},
{
"db": "VULHUB",
"id": "VHN-126935"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-16563",
"trust": 2.8
},
{
"db": "SIEMENS",
"id": "SSA-104088",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-19-043-02",
"trust": 1.7
},
{
"db": "BID",
"id": "107007",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015215",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201902-537",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.0443",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-126935",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126935"
},
{
"db": "BID",
"id": "107007"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015215"
},
{
"db": "NVD",
"id": "CVE-2018-16563"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-537"
}
]
},
"id": "VAR-201903-1129",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-126935"
}
],
"trust": 0.7715277749999999
},
"last_update_date": "2023-12-18T13:48:00.730000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-104088",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-104088.pdf"
},
{
"title": "Multiple Siemens Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89344"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015215"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-537"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-399",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126935"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015215"
},
{
"db": "NVD",
"id": "CVE-2018-16563"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-104088.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-16563"
},
{
"trust": 0.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-043-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16563"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-043-02"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/107007"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75470"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126935"
},
{
"db": "BID",
"id": "107007"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015215"
},
{
"db": "NVD",
"id": "CVE-2018-16563"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-537"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-126935"
},
{
"db": "BID",
"id": "107007"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015215"
},
{
"db": "NVD",
"id": "CVE-2018-16563"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-537"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-126935"
},
{
"date": "2019-02-12T00:00:00",
"db": "BID",
"id": "107007"
},
{
"date": "2019-05-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015215"
},
{
"date": "2019-03-21T16:00:22.420000",
"db": "NVD",
"id": "CVE-2018-16563"
},
{
"date": "2019-02-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-537"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-126935"
},
{
"date": "2019-02-12T00:00:00",
"db": "BID",
"id": "107007"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015215"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-16563"
},
{
"date": "2020-05-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-537"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-537"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Siemens Resource management vulnerabilities in product firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015215"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-537"
}
],
"trust": 0.6
}
}
VAR-201803-2157
Vulnerability from variot - Updated: 2023-12-18 13:28A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). The device engineering mechanism allows an unauthenticated remote user to upload a modified device configuration overwriting access authorization passwords. plural Siemens The product contains an access control vulnerability.Information may be tampered with. SiemensDIGSI and others are products of Siemens AG. SiemensDIGSI is a configuration operating software for a microcomputer protection device. A security vulnerability exists in several Siemens products that stems from a program failing to authenticate important features. Siemens DIGSI, etc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2157",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "en100 ethernet module modbus tcp",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module iec 104",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module profinet io",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module dnp3",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec 4 7sj66",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.30"
},
{
"model": "siprotec compact 7sj80",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.77"
},
{
"model": "siprotec compact 7sk80",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.77"
},
{
"model": "digsi 4",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.92"
},
{
"model": "en100 ethernet module iec 61850",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.30"
},
{
"model": "digsi 4",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module dnp3",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module iec 104",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module iec 61850",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module modbus tcp",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module profinet io",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "digsi",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "44.92"
},
{
"model": "en100 ethernet module iec variant",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "61850\u003c4.30"
},
{
"model": "en100 ethernet module profinet io variant",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module modbus tcp variant",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module dnp3 variant",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module iec variant",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "104"
},
{
"model": "siprotec compact 7sk80",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec compact 7sj80",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec compact",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec 7sj66",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4"
},
{
"model": "siprotec 7sj64",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4"
},
{
"model": "siprotec 7sj62",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4"
},
{
"model": "siprotec 7sj61",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4"
},
{
"model": "siprotec 7sd80",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4"
},
{
"model": "siprotec",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "40"
},
{
"model": "en100 ethernet module profinet io",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "en100 ethernet module modbus tcp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "en100 ethernet module iec",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "618500"
},
{
"model": "en100 ethernet module iec",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1040"
},
{
"model": "en100 ethernet module dnp3",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "digsi",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "40"
},
{
"model": "siprotec compact 7sk80",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.77"
},
{
"model": "siprotec compact 7sj80",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.77"
},
{
"model": "siprotec 7sj66",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "44.30"
},
{
"model": "siprotec 7sj64",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "44.96"
},
{
"model": "siprotec 7sj61",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "44.96"
},
{
"model": "siprotec 7sd80",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "44.70"
},
{
"model": "en100 ethernet module iec",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "618504.30"
},
{
"model": "en100 ethernet module dnp3",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.30"
},
{
"model": "digsi",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "44.92"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "siprotec compact 7sj80",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "siprotec compact 7sk80",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "siprotec 4 7sj66",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "digsi 4",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "en100 ethernet module iec 104",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "en100 ethernet module dnp3",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "en100 ethernet module modbus tcp",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "en100 ethernet module profinet io",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "en100 ethernet module iec 61850",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e54d62-39ab-11e9-854b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05156"
},
{
"db": "BID",
"id": "107481"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002721"
},
{
"db": "NVD",
"id": "CVE-2018-4840"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-228"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:siprotec_compact_7sj80_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.77",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:siprotec_compact_7sj80:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:siprotec_compact_7sk80_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.77",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:siprotec_compact_7sk80:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:siprotec_4_7sj66_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.30",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:siprotec_4_7sj66:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:digsi_4:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.92",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:en100_ethernet_module_iec_104_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:en100_ethernet_module_iec_104:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:en100_ethernet_module_dnp3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:en100_ethernet_module_dnp3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:en100_ethernet_module_modbus_tcp_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:en100_ethernet_module_modbus_tcp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:en100_ethernet_module_profinet_io_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:en100_ethernet_module_profinet_io:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:en100_ethernet_module_iec_61850_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.30",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:en100_ethernet_module_iec_61850:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4840"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ilya Karpov and Dmitry Sklyarov from Positive Technologies.",
"sources": [
{
"db": "BID",
"id": "107481"
}
],
"trust": 0.3
},
"cve": "CVE-2018-4840",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-4840",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-05156",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "e2e54d62-39ab-11e9-854b-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-134871",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-4840",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-4840",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-05156",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-228",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2e54d62-39ab-11e9-854b-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-134871",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e54d62-39ab-11e9-854b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05156"
},
{
"db": "VULHUB",
"id": "VHN-134871"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002721"
},
{
"db": "NVD",
"id": "CVE-2018-4840"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-228"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in DIGSI 4 (All versions \u003c V4.92), EN100 Ethernet module DNP3 variant (All versions \u003c V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions \u003c V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). The device engineering mechanism allows an unauthenticated remote user to upload a modified device configuration overwriting access authorization passwords. plural Siemens The product contains an access control vulnerability.Information may be tampered with. SiemensDIGSI and others are products of Siemens AG. SiemensDIGSI is a configuration operating software for a microcomputer protection device. A security vulnerability exists in several Siemens products that stems from a program failing to authenticate important features. Siemens DIGSI, etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4840"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002721"
},
{
"db": "CNVD",
"id": "CNVD-2018-05156"
},
{
"db": "BID",
"id": "107481"
},
{
"db": "IVD",
"id": "e2e54d62-39ab-11e9-854b-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-134871"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-4840",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-067-01",
"trust": 3.0
},
{
"db": "SIEMENS",
"id": "SSA-203306",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201803-228",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-05156",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002721",
"trust": 0.8
},
{
"db": "BID",
"id": "107481",
"trust": 0.3
},
{
"db": "IVD",
"id": "E2E54D62-39AB-11E9-854B-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-134871",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e54d62-39ab-11e9-854b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05156"
},
{
"db": "VULHUB",
"id": "VHN-134871"
},
{
"db": "BID",
"id": "107481"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002721"
},
{
"db": "NVD",
"id": "CVE-2018-4840"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-228"
}
]
},
"id": "VAR-201803-2157",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e54d62-39ab-11e9-854b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05156"
},
{
"db": "VULHUB",
"id": "VHN-134871"
}
],
"trust": 1.6392756275
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2e54d62-39ab-11e9-854b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05156"
}
]
},
"last_update_date": "2023-12-18T13:28:58.785000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-203306",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf"
},
{
"title": "Siemens multiple product file upload vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/121353"
},
{
"title": "Multiple Siemens Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=78964"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05156"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002721"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-228"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134871"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002721"
},
{
"db": "NVD",
"id": "CVE-2018-4840"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-067-01"
},
{
"trust": 2.0,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4840"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4840"
},
{
"trust": 0.3,
"url": "http://w3.siemens.com/smartgrid/global/en/products-systems-solutions/protection/siprotec4/pages/overview.aspx"
},
{
"trust": 0.3,
"url": "http://w3.siemens.com/smartgrid/global/en/products-systems-solutions/protection/siprotec-compact/pages/overview.aspx"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05156"
},
{
"db": "VULHUB",
"id": "VHN-134871"
},
{
"db": "BID",
"id": "107481"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002721"
},
{
"db": "NVD",
"id": "CVE-2018-4840"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-228"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e54d62-39ab-11e9-854b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05156"
},
{
"db": "VULHUB",
"id": "VHN-134871"
},
{
"db": "BID",
"id": "107481"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002721"
},
{
"db": "NVD",
"id": "CVE-2018-4840"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-228"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-13T00:00:00",
"db": "IVD",
"id": "e2e54d62-39ab-11e9-854b-000c29342cb1"
},
{
"date": "2018-03-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05156"
},
{
"date": "2018-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-134871"
},
{
"date": "2018-03-08T00:00:00",
"db": "BID",
"id": "107481"
},
{
"date": "2018-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002721"
},
{
"date": "2018-03-08T17:29:00.307000",
"db": "NVD",
"id": "CVE-2018-4840"
},
{
"date": "2018-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-228"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05156"
},
{
"date": "2021-07-13T00:00:00",
"db": "VULHUB",
"id": "VHN-134871"
},
{
"date": "2018-03-08T00:00:00",
"db": "BID",
"id": "107481"
},
{
"date": "2018-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002721"
},
{
"date": "2021-07-13T12:15:09.093000",
"db": "NVD",
"id": "CVE-2018-4840"
},
{
"date": "2021-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-228"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-228"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens Multiple Product File Upload Vulnerabilities",
"sources": [
{
"db": "IVD",
"id": "e2e54d62-39ab-11e9-854b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05156"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "e2e54d62-39ab-11e9-854b-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-228"
}
],
"trust": 0.8
}
}
VAR-201803-2155
Vulnerability from variot - Updated: 2023-12-18 13:28A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions < V1.22). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities. plural Siemens The product contains an access control vulnerability.Information may be tampered with. SIPROTEC 4, SIPROTEC Compact and Reyrolle equipment offer a wide range of centralized protection, control and automation functions for substations and other applications. Multiple Siemens EN100 Ethernet Modules are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism. This may aid in further attacks. A security vulnerability exists in the web interface (TCP/80) in several Siemens products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2155",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "en100 ethernet module modbus tcp",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module iec 104",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module profinet io",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module dnp3",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module iec 61850",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.30"
},
{
"model": "en100 ethernet module dnp3",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module iec 104",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module iec 61850",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module modbus tcp",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module profinet io",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "iec",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "61850\u003cv4.30"
},
{
"model": "profinet io",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "modbus tcp",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "dnp3",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "iec",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "104"
},
{
"model": "siprotec compact",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "40"
},
{
"model": "reyrolle",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "en100 ethernet module profinet io",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "en100 ethernet module modbus tcp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "en100 ethernet module iec",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "618500"
},
{
"model": "en100 ethernet module iec",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1040"
},
{
"model": "en100 ethernet module dnp3",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "en100 ethernet module iec",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "618504.30"
},
{
"model": "iec siemens profinet io *siemens modbus tcp *siemens dnp3 *siemens iec",
"scope": "eq",
"trust": 0.2,
"vendor": "siemens",
"version": "61850104"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e52650-39ab-11e9-ad8d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-04834"
},
{
"db": "BID",
"id": "103379"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002719"
},
{
"db": "NVD",
"id": "CVE-2018-4838"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-230"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:en100_ethernet_module_iec_104_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:en100_ethernet_module_iec_104:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:en100_ethernet_module_dnp3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:en100_ethernet_module_dnp3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:en100_ethernet_module_modbus_tcp_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:en100_ethernet_module_modbus_tcp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:en100_ethernet_module_profinet_io_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:en100_ethernet_module_profinet_io:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:en100_ethernet_module_iec_61850_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.30",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:en100_ethernet_module_iec_61850:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4838"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ilya Karpov and Alexey Stennikov from Positive Technologies",
"sources": [
{
"db": "BID",
"id": "103379"
}
],
"trust": 0.3
},
"cve": "CVE-2018-4838",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-4838",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-04834",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "e2e52650-39ab-11e9-ad8d-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-134869",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-4838",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-4838",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-04834",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-230",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2e52650-39ab-11e9-ad8d-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-134869",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e52650-39ab-11e9-ad8d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-04834"
},
{
"db": "VULHUB",
"id": "VHN-134869"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002719"
},
{
"db": "NVD",
"id": "CVE-2018-4838"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-230"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions \u003c V4.30), EN100 Ethernet module DNP3 variant (All versions \u003c V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions \u003c V1.22). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities. plural Siemens The product contains an access control vulnerability.Information may be tampered with. SIPROTEC 4, SIPROTEC Compact and Reyrolle equipment offer a wide range of centralized protection, control and automation functions for substations and other applications. Multiple Siemens EN100 Ethernet Modules are prone to an authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism. This may aid in further attacks. A security vulnerability exists in the web interface (TCP/80) in several Siemens products",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4838"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002719"
},
{
"db": "CNVD",
"id": "CNVD-2018-04834"
},
{
"db": "BID",
"id": "103379"
},
{
"db": "IVD",
"id": "e2e52650-39ab-11e9-ad8d-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-134869"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-4838",
"trust": 3.6
},
{
"db": "BID",
"id": "103379",
"trust": 2.0
},
{
"db": "SIEMENS",
"id": "SSA-845879",
"trust": 2.0
},
{
"db": "ICS CERT",
"id": "ICSA-18-067-02",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-18-067-01",
"trust": 1.6
},
{
"db": "CNNVD",
"id": "CNNVD-201803-230",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-04834",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002719",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2E52650-39AB-11E9-AD8D-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-134869",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e52650-39ab-11e9-ad8d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-04834"
},
{
"db": "VULHUB",
"id": "VHN-134869"
},
{
"db": "BID",
"id": "103379"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002719"
},
{
"db": "NVD",
"id": "CVE-2018-4838"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-230"
}
]
},
"id": "VAR-201803-2155",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e52650-39ab-11e9-ad8d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-04834"
},
{
"db": "VULHUB",
"id": "VHN-134869"
}
],
"trust": 1.6314814666666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2e52650-39ab-11e9-ad8d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-04834"
}
]
},
"last_update_date": "2023-12-18T13:28:58.709000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-845879",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf"
},
{
"title": "Patches for unauthorized operating vulnerabilities in multiple Siemens products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/120859"
},
{
"title": "Multiple Siemens Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=78966"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04834"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002719"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-230"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134869"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002719"
},
{
"db": "NVD",
"id": "CVE-2018-4838"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf"
},
{
"trust": 1.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-067-02"
},
{
"trust": 1.7,
"url": "https://www.securityfocus.com/bid/103379"
},
{
"trust": 1.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-067-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4838"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4838"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04834"
},
{
"db": "VULHUB",
"id": "VHN-134869"
},
{
"db": "BID",
"id": "103379"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002719"
},
{
"db": "NVD",
"id": "CVE-2018-4838"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-230"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e52650-39ab-11e9-ad8d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-04834"
},
{
"db": "VULHUB",
"id": "VHN-134869"
},
{
"db": "BID",
"id": "103379"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002719"
},
{
"db": "NVD",
"id": "CVE-2018-4838"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-230"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-09T00:00:00",
"db": "IVD",
"id": "e2e52650-39ab-11e9-ad8d-000c29342cb1"
},
{
"date": "2018-03-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-04834"
},
{
"date": "2018-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-134869"
},
{
"date": "2018-03-08T00:00:00",
"db": "BID",
"id": "103379"
},
{
"date": "2018-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002719"
},
{
"date": "2018-03-08T17:29:00.210000",
"db": "NVD",
"id": "CVE-2018-4838"
},
{
"date": "2018-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-230"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-04834"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-134869"
},
{
"date": "2018-03-08T00:00:00",
"db": "BID",
"id": "103379"
},
{
"date": "2018-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002719"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-4838"
},
{
"date": "2019-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-230"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-230"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Siemens Access control vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002719"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "e2e52650-39ab-11e9-ad8d-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-230"
}
],
"trust": 0.8
}
}
VAR-201803-2156
Vulnerability from variot - Updated: 2023-12-18 13:28A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions < V4.70), SIPROTEC 4 7SJ61 (All versions < V4.96), SIPROTEC 4 7SJ62 (All versions < V4.96), SIPROTEC 4 7SJ64 (All versions < V4.96), SIPROTEC 4 7SJ66 (All versions < V4.30), SIPROTEC Compact 7SJ80 (All versions < V4.77), SIPROTEC Compact 7SK80 (All versions < V4.77). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords. plural Siemens The product contains an authorization vulnerability.Information may be obtained. Siemens DIGSI and others are products of Siemens AG. The Siemens DIGSI is a configuration operating software for the microcomputer protection. EN100 Ethernet module The IEC 61850 variant is an Ethernet module product. Security vulnerabilities exist in several Siemens products. An attacker could exploit the vulnerability to re-establish an access authorization password
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-2156",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "siprotec compact 7sk80",
"scope": "lt",
"trust": 1.8,
"vendor": "siemens",
"version": "4.77"
},
{
"model": "siprotec compact 7sj80",
"scope": "lt",
"trust": 1.8,
"vendor": "siemens",
"version": "4.77"
},
{
"model": "en100 ethernet module modbus tcp",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module iec 104",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module profinet io",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module dnp3",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec compact 7sk80",
"scope": null,
"trust": 1.1,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec compact 7sj80",
"scope": null,
"trust": 1.1,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec 4 7sj66",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.30"
},
{
"model": "digsi 4",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.92"
},
{
"model": "en100 ethernet module iec 61850",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.30"
},
{
"model": "digsi",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "44.92"
},
{
"model": "en100 ethernet module iec variant",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "61850\u003c4.30"
},
{
"model": "siprotec compact 7sj66",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "4.30"
},
{
"model": "digsi 4",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module dnp3",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module iec 104",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module iec 61850",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module modbus tcp",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module profinet io",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec 4 7sj66",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module profinet io variant",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module modbus tcp variant",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module dnp3 variant",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module iec variant",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "104"
},
{
"model": "siprotec compact",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec 7sj66",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4"
},
{
"model": "siprotec 7sj64",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4"
},
{
"model": "siprotec 7sj62",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4"
},
{
"model": "siprotec 7sj61",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4"
},
{
"model": "siprotec 7sd80",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4"
},
{
"model": "siprotec",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "40"
},
{
"model": "en100 ethernet module profinet io",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "en100 ethernet module modbus tcp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "en100 ethernet module iec",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "618500"
},
{
"model": "en100 ethernet module iec",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1040"
},
{
"model": "en100 ethernet module dnp3",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "digsi",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "40"
},
{
"model": "siprotec compact 7sk80",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.77"
},
{
"model": "siprotec compact 7sj80",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.77"
},
{
"model": "siprotec 7sj66",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "44.30"
},
{
"model": "siprotec 7sj64",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "44.96"
},
{
"model": "siprotec 7sj61",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "44.96"
},
{
"model": "siprotec 7sd80",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "44.70"
},
{
"model": "en100 ethernet module iec",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "618504.30"
},
{
"model": "en100 ethernet module dnp3",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.30"
},
{
"model": "digsi",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "44.92"
},
{
"model": "en100 ethernet module profinet io variant",
"scope": "eq",
"trust": 0.2,
"vendor": "siemens",
"version": "*"
},
{
"model": "en100 ethernet module modbus tcp variant",
"scope": "eq",
"trust": 0.2,
"vendor": "siemens",
"version": "*"
},
{
"model": "en100 ethernet module dnp3 variant",
"scope": "eq",
"trust": 0.2,
"vendor": "siemens",
"version": "*"
},
{
"model": "en100 ethernet module iec variant",
"scope": "eq",
"trust": 0.2,
"vendor": "siemens",
"version": "104*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2e5e9a1-39ab-11e9-9407-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05196"
},
{
"db": "BID",
"id": "107481"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002720"
},
{
"db": "NVD",
"id": "CVE-2018-4839"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-229"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:siprotec_compact_7sj80_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.77",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:siprotec_compact_7sj80:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:siprotec_compact_7sk80_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.77",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:siprotec_compact_7sk80:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:siprotec_4_7sj66_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.30",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:siprotec_4_7sj66:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:digsi_4:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.92",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:en100_ethernet_module_iec_104_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:en100_ethernet_module_iec_104:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:en100_ethernet_module_dnp3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:en100_ethernet_module_dnp3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:en100_ethernet_module_modbus_tcp_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:en100_ethernet_module_modbus_tcp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:en100_ethernet_module_profinet_io_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:en100_ethernet_module_profinet_io:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:en100_ethernet_module_iec_61850_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.30",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:en100_ethernet_module_iec_61850:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4839"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ilya Karpov and Dmitry Sklyarov from Positive Technologies.",
"sources": [
{
"db": "BID",
"id": "107481"
}
],
"trust": 0.3
},
"cve": "CVE-2018-4839",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-4839",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "CNVD-2018-05196",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "e2e5e9a1-39ab-11e9-9407-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "VHN-134870",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-4839",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-4839",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-05196",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-229",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2e5e9a1-39ab-11e9-9407-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-134870",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2e5e9a1-39ab-11e9-9407-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05196"
},
{
"db": "VULHUB",
"id": "VHN-134870"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002720"
},
{
"db": "NVD",
"id": "CVE-2018-4839"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-229"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in DIGSI 4 (All versions \u003c V4.92), EN100 Ethernet module DNP3 variant (All versions \u003c V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions \u003c V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions \u003c V4.70), SIPROTEC 4 7SJ61 (All versions \u003c V4.96), SIPROTEC 4 7SJ62 (All versions \u003c V4.96), SIPROTEC 4 7SJ64 (All versions \u003c V4.96), SIPROTEC 4 7SJ66 (All versions \u003c V4.30), SIPROTEC Compact 7SJ80 (All versions \u003c V4.77), SIPROTEC Compact 7SK80 (All versions \u003c V4.77). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords. plural Siemens The product contains an authorization vulnerability.Information may be obtained. Siemens DIGSI and others are products of Siemens AG. The Siemens DIGSI is a configuration operating software for the microcomputer protection. EN100 Ethernet module The IEC 61850 variant is an Ethernet module product. Security vulnerabilities exist in several Siemens products. An attacker could exploit the vulnerability to re-establish an access authorization password",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4839"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002720"
},
{
"db": "CNVD",
"id": "CNVD-2018-05196"
},
{
"db": "BID",
"id": "107481"
},
{
"db": "IVD",
"id": "e2e5e9a1-39ab-11e9-9407-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-134870"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-4839",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-18-067-01",
"trust": 3.0
},
{
"db": "SIEMENS",
"id": "SSA-203306",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2018-05196",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-229",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002720",
"trust": 0.8
},
{
"db": "BID",
"id": "107481",
"trust": 0.3
},
{
"db": "IVD",
"id": "E2E5E9A1-39AB-11E9-9407-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-134870",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2e5e9a1-39ab-11e9-9407-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05196"
},
{
"db": "VULHUB",
"id": "VHN-134870"
},
{
"db": "BID",
"id": "107481"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002720"
},
{
"db": "NVD",
"id": "CVE-2018-4839"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-229"
}
]
},
"id": "VAR-201803-2156",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2e5e9a1-39ab-11e9-9407-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05196"
},
{
"db": "VULHUB",
"id": "VHN-134870"
}
],
"trust": 1.6392756275
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2e5e9a1-39ab-11e9-9407-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05196"
}
]
},
"last_update_date": "2023-12-18T13:28:58.747000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-203306",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf"
},
{
"title": "Patches for unidentified vulnerabilities in various Siemens products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/121391"
},
{
"title": "Multiple Siemens Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=78965"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05196"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002720"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-229"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.1
},
{
"problemtype": "CWE-285",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-134870"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002720"
},
{
"db": "NVD",
"id": "CVE-2018-4839"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-067-01"
},
{
"trust": 2.0,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4839"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4839"
},
{
"trust": 0.3,
"url": "http://w3.siemens.com/smartgrid/global/en/products-systems-solutions/protection/siprotec4/pages/overview.aspx"
},
{
"trust": 0.3,
"url": "http://w3.siemens.com/smartgrid/global/en/products-systems-solutions/protection/siprotec-compact/pages/overview.aspx"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05196"
},
{
"db": "VULHUB",
"id": "VHN-134870"
},
{
"db": "BID",
"id": "107481"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002720"
},
{
"db": "NVD",
"id": "CVE-2018-4839"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-229"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2e5e9a1-39ab-11e9-9407-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-05196"
},
{
"db": "VULHUB",
"id": "VHN-134870"
},
{
"db": "BID",
"id": "107481"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-002720"
},
{
"db": "NVD",
"id": "CVE-2018-4839"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-229"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "IVD",
"id": "e2e5e9a1-39ab-11e9-9407-000c29342cb1"
},
{
"date": "2018-03-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05196"
},
{
"date": "2018-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-134870"
},
{
"date": "2018-03-08T00:00:00",
"db": "BID",
"id": "107481"
},
{
"date": "2018-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002720"
},
{
"date": "2018-03-08T17:29:00.257000",
"db": "NVD",
"id": "CVE-2018-4839"
},
{
"date": "2018-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-229"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05196"
},
{
"date": "2021-07-13T00:00:00",
"db": "VULHUB",
"id": "VHN-134870"
},
{
"date": "2018-03-08T00:00:00",
"db": "BID",
"id": "107481"
},
{
"date": "2018-04-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-002720"
},
{
"date": "2021-07-13T12:15:08.987000",
"db": "NVD",
"id": "CVE-2018-4839"
},
{
"date": "2021-07-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-229"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-229"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Siemens Authorization vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-002720"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-229"
}
],
"trust": 0.6
}
}
VAR-201807-1340
Vulnerability from variot - Updated: 2023-12-18 12:50A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.33), Firmware variant PROFINET IO for EN100 Ethernet module (All versions), Firmware variant Modbus TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions < V1.22), SIPROTEC 5 relays with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.80), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.58). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the affected products. A manual restart is required to recover the EN100 module functionality of the affected devices. Successful exploitation requires an attacker with network access to send multiple packets to the affected products or modules. As a precondition the IEC 61850-MMS communication needs to be activated on the affected products or modules. No user interaction or privileges are required to exploit the vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. plural Siemens There is an input validation vulnerability in the product firmware.Service operation interruption (DoS) There is a possibility of being put into a state. The Siemens EN100 Ethernet Communication Module and SIPROTEC 5 relays are products of Siemens AG, Germany. The Siemens EN100 Ethernet Communication Module is an Ethernet module. SIPROTEC 5 relays are a relay. A denial of service vulnerability exists in the Siemens EN100 Ethernet Communication Module and SIPROTEC 5 relays. Attackers can exploit these issues to crash the affected application or consume excess memory, denying service to legitimate users
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-1340",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "profinet io",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "modbus tcp",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "iec104",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "cp200",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "dnp3 tcp",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "iec 61850",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.33"
},
{
"model": "cp100",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.80"
},
{
"model": "cp300",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.80"
},
{
"model": "cp100",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "cp200",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "cp300",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module dnp3",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module iec 104",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module iec 61850",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module modbus tcp",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module profinet io",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "variant iec for en100 ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "61850\u003cv4.33"
},
{
"model": "variant profinet io for en100 ether- net module",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "variant modbus tcp for en100 ether- net module",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "variant dnp3 tcp for en100 ethernet module",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "variant iec104 for en100 ethernet module",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec relays with cpu variants cp300 and cp100 and the respective ethernet commu- nication modules",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "5\u003cv7.80"
},
{
"model": "siprotec relays with cpu variants cp200 and the respective ethernet communication mod- ules",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "5\u003cv7.58"
},
{
"model": "siprotec",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "50"
},
{
"model": "profinet io for en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "modbus tcp for en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "iec104 for en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "iec for en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "618500"
},
{
"model": "siprotec cp300",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "57.80"
},
{
"model": "siprotec cp200",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "57.58"
},
{
"model": "siprotec cp100",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "57.80"
},
{
"model": "iec for en100",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "618504.33"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dnp3 tcp",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "iec104",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "iec 61850",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modbus tcp",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "profinet io",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp100",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp200",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp300",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7d828321-463f-11e9-bc16-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25425"
},
{
"db": "BID",
"id": "106221"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008870"
},
{
"db": "NVD",
"id": "CVE-2018-11451"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1730"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:dnp3_tcp_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:modbus_tcp_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:profinet_io_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:iec_61850_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.33",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:iec104_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:en100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:cp100_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.80",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:cp300_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.80",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:cp200_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:6md86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ss85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ke85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sa86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sd82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sj82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sj85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sd87:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sl87:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sl86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sj86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ut86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ut87:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7um85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sa87:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sd86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sl82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ut82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ut85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6md85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7vk87:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sa82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sk82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sk85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-11451"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Victor Nikitin, and Ilya Karpov from ScadaX, Vladislav Suchkov",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1730"
}
],
"trust": 0.6
},
"cve": "CVE-2018-11451",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-11451",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-25425",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "7d828321-463f-11e9-bc16-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-121312",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-11451",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-11451",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-25425",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-1730",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d828321-463f-11e9-bc16-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-121312",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d828321-463f-11e9-bc16-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25425"
},
{
"db": "VULHUB",
"id": "VHN-121312"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008870"
},
{
"db": "NVD",
"id": "CVE-2018-11451"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1730"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions \u003c V4.33), Firmware variant PROFINET IO for EN100 Ethernet module (All versions), Firmware variant Modbus TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions \u003c V1.22), SIPROTEC 5 relays with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions \u003c V7.80), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions \u003c V7.58). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the affected products. A manual restart is required to recover the EN100 module functionality of the affected devices. Successful exploitation requires an attacker with network access to send multiple packets to the affected products or modules. As a precondition the IEC 61850-MMS communication needs to be activated on the affected products or modules. No user interaction or privileges are required to exploit the vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. plural Siemens There is an input validation vulnerability in the product firmware.Service operation interruption (DoS) There is a possibility of being put into a state. The Siemens EN100 Ethernet Communication Module and SIPROTEC 5 relays are products of Siemens AG, Germany. The Siemens EN100 Ethernet Communication Module is an Ethernet module. SIPROTEC 5 relays are a relay. A denial of service vulnerability exists in the Siemens EN100 Ethernet Communication Module and SIPROTEC 5 relays. \nAttackers can exploit these issues to crash the affected application or consume excess memory, denying service to legitimate users",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-11451"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008870"
},
{
"db": "CNVD",
"id": "CNVD-2018-25425"
},
{
"db": "BID",
"id": "106221"
},
{
"db": "IVD",
"id": "7d828321-463f-11e9-bc16-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-121312"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-11451",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-635129",
"trust": 2.6
},
{
"db": "BID",
"id": "106221",
"trust": 2.0
},
{
"db": "SIEMENS",
"id": "SSA-325546",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-18-347-02",
"trust": 1.1
},
{
"db": "ICS CERT",
"id": "ICSA-19-038-02",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1730",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-25425",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008870",
"trust": 0.8
},
{
"db": "IVD",
"id": "7D828321-463F-11E9-BC16-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-121312",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d828321-463f-11e9-bc16-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25425"
},
{
"db": "VULHUB",
"id": "VHN-121312"
},
{
"db": "BID",
"id": "106221"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008870"
},
{
"db": "NVD",
"id": "CVE-2018-11451"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1730"
}
]
},
"id": "VAR-201807-1340",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d828321-463f-11e9-bc16-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25425"
},
{
"db": "VULHUB",
"id": "VHN-121312"
}
],
"trust": 1.6473678285714286
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "7d828321-463f-11e9-bc16-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25425"
}
]
},
"last_update_date": "2023-12-18T12:50:37.477000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-635129",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-635129.pdf"
},
{
"title": "Patch for Siemens EN100 Ethernet Communication Module and SIPROTEC 5 relays denial of service vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/147343"
},
{
"title": "Multiple Siemens Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=82546"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-25425"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008870"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1730"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121312"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008870"
},
{
"db": "NVD",
"id": "CVE-2018-11451"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "https://www.securityfocus.com/bid/106221"
},
{
"trust": 2.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-635129.pdf"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-325546.pdf"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-347-02"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-038-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11451"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11451"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-25425"
},
{
"db": "VULHUB",
"id": "VHN-121312"
},
{
"db": "BID",
"id": "106221"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008870"
},
{
"db": "NVD",
"id": "CVE-2018-11451"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1730"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d828321-463f-11e9-bc16-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25425"
},
{
"db": "VULHUB",
"id": "VHN-121312"
},
{
"db": "BID",
"id": "106221"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008870"
},
{
"db": "NVD",
"id": "CVE-2018-11451"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1730"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-14T00:00:00",
"db": "IVD",
"id": "7d828321-463f-11e9-bc16-000c29342cb1"
},
{
"date": "2018-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-25425"
},
{
"date": "2018-07-23T00:00:00",
"db": "VULHUB",
"id": "VHN-121312"
},
{
"date": "2018-07-11T00:00:00",
"db": "BID",
"id": "106221"
},
{
"date": "2018-10-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008870"
},
{
"date": "2018-07-23T21:29:00.237000",
"db": "NVD",
"id": "CVE-2018-11451"
},
{
"date": "2018-07-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1730"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-25425"
},
{
"date": "2019-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-121312"
},
{
"date": "2019-02-11T07:00:00",
"db": "BID",
"id": "106221"
},
{
"date": "2019-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008870"
},
{
"date": "2019-03-22T17:29:02.297000",
"db": "NVD",
"id": "CVE-2018-11451"
},
{
"date": "2019-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1730"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1730"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Siemens Vulnerability related to input validation in product firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008870"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "7d828321-463f-11e9-bc16-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1730"
}
],
"trust": 0.8
}
}
VAR-201807-1341
Vulnerability from variot - Updated: 2023-12-18 12:50A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.33), Firmware variant PROFINET IO for EN100 Ethernet module (All versions), Firmware variant Modbus TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions < V1.22). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the EN100 communication module if oscillographs are running. A manual restart is required to recover the EN100 module functionality. Successful exploitation requires an attacker with network access to send multiple packets to the EN100 module. As a precondition the IEC 61850-MMS communication needs to be activated on the affected EN100 modules. No user interaction or privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. plural Siemens The product firmware contains an input validation vulnerability.Denial of service (DoS) May be in a state. The Siemens EN100 Ethernet Communication Module is an Ethernet module from Siemens AG. A denial of service vulnerability exists in the Siemens EN100 Ethernet Communication Module. Attackers can exploit these issues to crash the affected application or consume excess memory, denying service to legitimate users
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-1341",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "profinet io",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "modbus tcp",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "iec104",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "cp200",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "dnp3 tcp",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "iec 61850",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.33"
},
{
"model": "cp100",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.80"
},
{
"model": "cp300",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.80"
},
{
"model": "cp100",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "cp200",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "cp300",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "dnp3 tcp",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "iec 61850",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "v4.33"
},
{
"model": "iec104",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "modbus tcp",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "profinet io",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "variant iec for en100 ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "61850\u003cv4.33"
},
{
"model": "variant profinet io for en100 ether- net module",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "variant modbus tcp for en100 ether- net module",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "variant dnp3 tcp for en100 ethernet module",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "50"
},
{
"model": "profinet io for en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "modbus tcp for en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "iec104 for en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "iec for en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "618500"
},
{
"model": "siprotec cp300",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "57.80"
},
{
"model": "siprotec cp200",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "57.58"
},
{
"model": "siprotec cp100",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "57.80"
},
{
"model": "iec for en100",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "618504.33"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dnp3 tcp",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "iec104",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "iec 61850",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "modbus tcp",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "profinet io",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp100",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp200",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "cp300",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7d8198c1-463f-11e9-8941-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25426"
},
{
"db": "BID",
"id": "106221"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008841"
},
{
"db": "NVD",
"id": "CVE-2018-11452"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1729"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:profinet_io_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:iec_61850_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.33",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:iec104_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:dnp3_tcp_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:modbus_tcp_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:en100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:cp300_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.80",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:cp200_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:siemens:cp100_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.80",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:7sl87:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7vk87:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sj86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sk82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ut87:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ss85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ke85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sd82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sd86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sj85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ut82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7um85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sa87:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sd87:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sl82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sl86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ut85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ut86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6md85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6md86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sa82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sa86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sk85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sj82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-11452"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Victor Nikitin, and Ilya Karpov from ScadaX, Vladislav Suchkov",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1729"
}
],
"trust": 0.6
},
"cve": "CVE-2018-11452",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-11452",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-25426",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "7d8198c1-463f-11e9-8941-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-121313",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-11452",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-11452",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-25426",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-1729",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d8198c1-463f-11e9-8941-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-121313",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d8198c1-463f-11e9-8941-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25426"
},
{
"db": "VULHUB",
"id": "VHN-121313"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008841"
},
{
"db": "NVD",
"id": "CVE-2018-11452"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1729"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions \u003c V4.33), Firmware variant PROFINET IO for EN100 Ethernet module (All versions), Firmware variant Modbus TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions \u003c V1.22). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the EN100 communication module if oscillographs are running. A manual restart is required to recover the EN100 module functionality. Successful exploitation requires an attacker with network access to send multiple packets to the EN100 module. As a precondition the IEC 61850-MMS communication needs to be activated on the affected EN100 modules. No user interaction or privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. plural Siemens The product firmware contains an input validation vulnerability.Denial of service (DoS) May be in a state. The Siemens EN100 Ethernet Communication Module is an Ethernet module from Siemens AG. A denial of service vulnerability exists in the Siemens EN100 Ethernet Communication Module. \nAttackers can exploit these issues to crash the affected application or consume excess memory, denying service to legitimate users",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-11452"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008841"
},
{
"db": "CNVD",
"id": "CNVD-2018-25426"
},
{
"db": "BID",
"id": "106221"
},
{
"db": "IVD",
"id": "7d8198c1-463f-11e9-8941-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-121313"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-11452",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-635129",
"trust": 2.6
},
{
"db": "BID",
"id": "106221",
"trust": 2.0
},
{
"db": "SIEMENS",
"id": "SSA-325546",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSA-18-347-02",
"trust": 1.1
},
{
"db": "ICS CERT",
"id": "ICSA-19-038-02",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1729",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-25426",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008841",
"trust": 0.8
},
{
"db": "IVD",
"id": "7D8198C1-463F-11E9-8941-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-121313",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d8198c1-463f-11e9-8941-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25426"
},
{
"db": "VULHUB",
"id": "VHN-121313"
},
{
"db": "BID",
"id": "106221"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008841"
},
{
"db": "NVD",
"id": "CVE-2018-11452"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1729"
}
]
},
"id": "VAR-201807-1341",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d8198c1-463f-11e9-8941-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25426"
},
{
"db": "VULHUB",
"id": "VHN-121313"
}
],
"trust": 1.775
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "7d8198c1-463f-11e9-8941-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25426"
}
]
},
"last_update_date": "2023-12-18T12:50:37.432000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-635129",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-635129.pdf"
},
{
"title": "Siemens EN100 Ethernet Communication Module patch for denial of service vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/147345"
},
{
"title": "Multiple Siemens Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=82545"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-25426"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008841"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1729"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121313"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008841"
},
{
"db": "NVD",
"id": "CVE-2018-11452"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "https://www.securityfocus.com/bid/106221"
},
{
"trust": 2.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-635129.pdf"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-325546.pdf"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-347-02"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-038-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11452"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11452"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-25426"
},
{
"db": "VULHUB",
"id": "VHN-121313"
},
{
"db": "BID",
"id": "106221"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008841"
},
{
"db": "NVD",
"id": "CVE-2018-11452"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1729"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d8198c1-463f-11e9-8941-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25426"
},
{
"db": "VULHUB",
"id": "VHN-121313"
},
{
"db": "BID",
"id": "106221"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008841"
},
{
"db": "NVD",
"id": "CVE-2018-11452"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1729"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-14T00:00:00",
"db": "IVD",
"id": "7d8198c1-463f-11e9-8941-000c29342cb1"
},
{
"date": "2018-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-25426"
},
{
"date": "2018-07-23T00:00:00",
"db": "VULHUB",
"id": "VHN-121313"
},
{
"date": "2018-07-11T00:00:00",
"db": "BID",
"id": "106221"
},
{
"date": "2018-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008841"
},
{
"date": "2018-07-23T21:29:00.283000",
"db": "NVD",
"id": "CVE-2018-11452"
},
{
"date": "2018-07-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1729"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-25426"
},
{
"date": "2019-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-121313"
},
{
"date": "2019-02-11T07:00:00",
"db": "BID",
"id": "106221"
},
{
"date": "2019-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008841"
},
{
"date": "2019-03-22T17:29:02.907000",
"db": "NVD",
"id": "CVE-2018-11452"
},
{
"date": "2019-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1729"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1729"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens EN100 Ethernet Communication Module Denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d8198c1-463f-11e9-8941-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-25426"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "7d8198c1-463f-11e9-8941-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1729"
}
],
"trust": 0.8
}
}
VAR-201907-1453
Vulnerability from variot - Updated: 2023-12-18 12:50A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system. SIPROTEC 5 Device and DIGSI 5 engineering software Contains a vulnerability related to unlimited uploads of dangerous types of files.Information may be tampered with. Siemens SIPROTEC 5 and Siemens DIGISI 5 are products of Siemens AG, Germany. The SiemensSIPROTEC5 is a multi-function relay. The SiemensDIGISI5 is a user interface for Siemens SIPROTEC devices. There are unexplained vulnerabilities in several Siemens products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-1453",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "siprotec 5 digsi device driver",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "7.90"
},
{
"model": "digsi 5 engineering software",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "7.90"
},
{
"model": "digsi 5 engineering software",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec 5 digsi device driver",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "digsi",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "5\u003cv7.90"
},
{
"model": "siprotec",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "digsi 5 engineering",
"version": "7.90"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "siprotec 5 digsi device driver",
"version": "7.90"
}
],
"sources": [
{
"db": "IVD",
"id": "ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e"
},
{
"db": "CNVD",
"id": "CNVD-2019-22237"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006588"
},
{
"db": "NVD",
"id": "CVE-2019-10930"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:digsi_5_engineering_software:7.90:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:siprotec_5_digsi_device_driver:7.90:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:7sj85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sj86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6md85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sd86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sj82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sl82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sl87:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ut82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7vk87:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6md89:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sa82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sa86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sa87:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ut85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ut86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ut87:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ve85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sk82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sk85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6md86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sd82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sd87:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sl86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7um85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10930"
}
]
},
"cve": "CVE-2019-10930",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.4,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-10930",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-22237",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-10930",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-10930",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-22237",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-516",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e"
},
{
"db": "CNVD",
"id": "CNVD-2019-22237"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006588"
},
{
"db": "NVD",
"id": "CVE-2019-10930"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-516"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions \u003c V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions \u003c V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions \u003c V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions). A remote attacker could use specially crafted packets sent to port 443/TCP to upload, download or delete files in certain parts of the file system. SIPROTEC 5 Device and DIGSI 5 engineering software Contains a vulnerability related to unlimited uploads of dangerous types of files.Information may be tampered with. Siemens SIPROTEC 5 and Siemens DIGISI 5 are products of Siemens AG, Germany. The SiemensSIPROTEC5 is a multi-function relay. The SiemensDIGISI5 is a user interface for Siemens SIPROTEC devices. There are unexplained vulnerabilities in several Siemens products",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10930"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006588"
},
{
"db": "CNVD",
"id": "CNVD-2019-22237"
},
{
"db": "IVD",
"id": "ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10930",
"trust": 3.2
},
{
"db": "SIEMENS",
"id": "SSA-899560",
"trust": 2.2
},
{
"db": "ICS CERT",
"id": "ICSA-19-190-05",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2019-22237",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-516",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006588",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.2525",
"trust": 0.6
},
{
"db": "IVD",
"id": "EA3A54D8-AC1E-48AE-B00D-1A02DFDE6E0E",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e"
},
{
"db": "CNVD",
"id": "CNVD-2019-22237"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006588"
},
{
"db": "NVD",
"id": "CVE-2019-10930"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-516"
}
]
},
"id": "VAR-201907-1453",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e"
},
{
"db": "CNVD",
"id": "CNVD-2019-22237"
}
],
"trust": 1.4764706
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e"
},
{
"db": "CNVD",
"id": "CNVD-2019-22237"
}
]
},
"last_update_date": "2023-12-18T12:50:10.746000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-899560",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
},
{
"title": "Patches for unidentified vulnerabilities in various Siemens products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/168529"
},
{
"title": "Multiple Siemens Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=94650"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-22237"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006588"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-516"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-434",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006588"
},
{
"db": "NVD",
"id": "CVE-2019-10930"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-190-05"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10930"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10930"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2525/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-22237"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006588"
},
{
"db": "NVD",
"id": "CVE-2019-10930"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-516"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e"
},
{
"db": "CNVD",
"id": "CNVD-2019-22237"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006588"
},
{
"db": "NVD",
"id": "CVE-2019-10930"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-516"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-12T00:00:00",
"db": "IVD",
"id": "ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e"
},
{
"date": "2019-07-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-22237"
},
{
"date": "2019-07-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006588"
},
{
"date": "2019-07-11T22:15:11.560000",
"db": "NVD",
"id": "CVE-2019-10930"
},
{
"date": "2019-07-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-516"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-22237"
},
{
"date": "2019-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006588"
},
{
"date": "2020-06-10T17:15:10.690000",
"db": "NVD",
"id": "CVE-2019-10930"
},
{
"date": "2020-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-516"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-516"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SIPROTEC 5 Device and DIGSI 5 engineering software Vulnerable to unlimited upload of dangerous types of files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006588"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "ea3a54d8-ac1e-48ae-b00d-1a02dfde6e0e"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-516"
}
],
"trust": 0.8
}
}
VAR-201907-1639
Vulnerability from variot - Updated: 2023-12-18 12:50A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions < V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.59), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.59). Specially crafted packets sent to port 443/TCP could cause a Denial of Service condition. SIPROTEC 5 Device and DIGSI 5 engineering software Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Siemens SIPROTEC 5 and Siemens DIGISI 5 are products of Siemens AG, Germany. The SiemensSIPROTEC5 is a multi-function relay. The SiemensDIGISI5 is a user interface for Siemens SIPROTEC devices. A denial of service vulnerability exists in SiemensSIPROTEC5 and SiemensDIGISI5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201907-1639",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "siprotec 5 digsi device driver",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "8.01"
},
{
"model": "digsi 5 engineering software",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.90"
},
{
"model": "siprotec 5 digsi device driver",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.90"
},
{
"model": "digsi 5 engineering software",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec 5 digsi device driver",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "digsi",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "5\u003cv7.90"
},
{
"model": "siprotec",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "digsi 5 engineering",
"version": "7.90"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "siprotec 5 digsi device driver",
"version": "7.90"
}
],
"sources": [
{
"db": "IVD",
"id": "4de0b993-d42c-4246-9afa-1db853a07e02"
},
{
"db": "CNVD",
"id": "CNVD-2019-22240"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006589"
},
{
"db": "NVD",
"id": "CVE-2019-10931"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:siprotec_5_digsi_device_driver:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.90",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:6md85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6md86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6md89:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sa82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sa86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sa87:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sd82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sd86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sd87:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sj82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sj85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sj86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sk82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sk85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sl82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sl86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sl87:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7um85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ut82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ut85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ut86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ut87:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ve85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7vk87:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:siprotec_5_digsi_device_driver:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:7ke85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ss85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:digsi_5_engineering_software:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.90",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10931"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pierre Capillon and Jean-Baptiste Galet from ANSSI, Nicolas Iooss",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-538"
}
],
"trust": 0.6
},
"cve": "CVE-2019-10931",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-10931",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-22240",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "4de0b993-d42c-4246-9afa-1db853a07e02",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-10931",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-10931",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-22240",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-538",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "4de0b993-d42c-4246-9afa-1db853a07e02",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "4de0b993-d42c-4246-9afa-1db853a07e02"
},
{
"db": "CNVD",
"id": "CNVD-2019-22240"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006589"
},
{
"db": "NVD",
"id": "CVE-2019-10931"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-538"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions \u003c V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions \u003c V7.90), SIPROTEC 5 device types 7SS85 and 7KE85 (All versions \u003c V8.01), SIPROTEC 5 device types with CPU variants CP200 and the respective Ethernet communication modules (All versions \u003c V7.59), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions \u003c V7.59). Specially crafted packets sent to port 443/TCP could cause a Denial of Service condition. SIPROTEC 5 Device and DIGSI 5 engineering software Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Siemens SIPROTEC 5 and Siemens DIGISI 5 are products of Siemens AG, Germany. The SiemensSIPROTEC5 is a multi-function relay. The SiemensDIGISI5 is a user interface for Siemens SIPROTEC devices. A denial of service vulnerability exists in SiemensSIPROTEC5 and SiemensDIGISI5",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10931"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006589"
},
{
"db": "CNVD",
"id": "CNVD-2019-22240"
},
{
"db": "IVD",
"id": "4de0b993-d42c-4246-9afa-1db853a07e02"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10931",
"trust": 3.2
},
{
"db": "SIEMENS",
"id": "SSA-899560",
"trust": 2.2
},
{
"db": "ICS CERT",
"id": "ICSA-19-190-05",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2019-22240",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-538",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006589",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.2525",
"trust": 0.6
},
{
"db": "IVD",
"id": "4DE0B993-D42C-4246-9AFA-1DB853A07E02",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "4de0b993-d42c-4246-9afa-1db853a07e02"
},
{
"db": "CNVD",
"id": "CNVD-2019-22240"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006589"
},
{
"db": "NVD",
"id": "CVE-2019-10931"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-538"
}
]
},
"id": "VAR-201907-1639",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "4de0b993-d42c-4246-9afa-1db853a07e02"
},
{
"db": "CNVD",
"id": "CNVD-2019-22240"
}
],
"trust": 1.4764706
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "4de0b993-d42c-4246-9afa-1db853a07e02"
},
{
"db": "CNVD",
"id": "CNVD-2019-22240"
}
]
},
"last_update_date": "2023-12-18T12:50:10.777000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-899560",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
},
{
"title": "Patch for SiemensSIPROTEC5 and SiemensDIGISI5 Denial of Service Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/168535"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-22240"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006589"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006589"
},
{
"db": "NVD",
"id": "CVE-2019-10931"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-190-05"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10931"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10931"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2525/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-22240"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006589"
},
{
"db": "NVD",
"id": "CVE-2019-10931"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-538"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "4de0b993-d42c-4246-9afa-1db853a07e02"
},
{
"db": "CNVD",
"id": "CNVD-2019-22240"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006589"
},
{
"db": "NVD",
"id": "CVE-2019-10931"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-538"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-12T00:00:00",
"db": "IVD",
"id": "4de0b993-d42c-4246-9afa-1db853a07e02"
},
{
"date": "2019-07-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-22240"
},
{
"date": "2019-07-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006589"
},
{
"date": "2019-07-11T22:15:11.640000",
"db": "NVD",
"id": "CVE-2019-10931"
},
{
"date": "2019-07-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-538"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-22240"
},
{
"date": "2019-08-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006589"
},
{
"date": "2021-10-28T13:29:12.980000",
"db": "NVD",
"id": "CVE-2019-10931"
},
{
"date": "2021-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-538"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-538"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SIPROTEC 5 Device and DIGSI 5 engineering software Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006589"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-538"
}
],
"trust": 0.6
}
}
VAR-201605-0271
Vulnerability from variot - Updated: 2023-12-18 12:05A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. The integrated web server (port 80/tcp) of the affected devices could allow remote attackers to obtain a limited amount of device memory content if network access was obtained. This vulnerability only affects EN100 Ethernet module included in SIPROTEC4 and SIPROTEC Compact devices. SiemensSIPROTEC4 is a multi-function relay series; SIPROTECCompact is a microcomputer protection device. An information disclosure vulnerability exists in the integrated web server of SIPROTEC4 and SIPROTECCompact. EN100 Ethernet Modules for Reyrolle is prone to the following security vulnerabilities: : 1. Multiple information-disclosure vulnerabilities 2. A denial-of-service vulnerability 3. Multiple authentication-bypass vulnerabilities An attacker may leverage these issues to disclose sensitive information, perform certain unauthorized actions actions, gain unauthorized access, or bypass certain security restrictions and cause a denial-of-service condition. Both Siemens SIPROTEC 4 and SIPROTEC Compact are products of Siemens, Germany. Siemens SIPROTEC 4 is a series of multifunctional relays with a friendly man-machine interface. EN100 is one of the multi-format encoder modules
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201605-0271",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "siprotec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.26"
},
{
"model": "siprotec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "4.27"
},
{
"model": "siprotec 4",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "en100 module"
},
{
"model": "siprotec compact",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module included in siprotec and siprotec compact",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "4\u003c=4.26"
},
{
"model": "reyrolle",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec compact model 7sk80",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec compact model 7sj80",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec compact model 7sk81",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec compact model 7rw80",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec compact model 7sj81",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec compact model",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec compact model 7sd80",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec 4 en100",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "tpop for en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec compact 7sk81",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec compact 7sk80",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec compact 7sj81",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec compact 7sj80",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec compact 7sd80",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec compact 7rw80",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec 7ut686",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec 7sj686",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec 7sj66",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec 7sd686",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "40"
},
{
"model": "profinet io",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "modbus tcp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "iec for en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "618500"
},
{
"model": "iec",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1040"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.9"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.6"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.5"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.4"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.26"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.25"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.24"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.23"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.22"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.21"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.20"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.19"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.18"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.17"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.16"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.15"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.14"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.13"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.12"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.11"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.10"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.0"
},
{
"model": "dnp3 tcp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "tpop for en100",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "profinet io",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "1.4.1"
},
{
"model": "en100",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.29.1"
},
{
"model": "en100",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.27"
},
{
"model": "en100 ethernet module",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.29"
},
{
"model": "en100 ethernet module",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.20"
},
{
"model": "en100 ethernet module",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.29.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "siprotec",
"version": "4.26"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "siprotec",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "567d4166-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03386"
},
{
"db": "BID",
"id": "90773"
},
{
"db": "BID",
"id": "99471"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002975"
},
{
"db": "NVD",
"id": "CVE-2016-4785"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-542"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:siprotec_4_en100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:siprotec_compact_model:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:siprotec_firmware:4.26:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:siprotec_compact_model_7sj81:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:siprotec_compact_model_7sk81:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:siprotec_compact_model_7rw80:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:siprotec_compact_model_7sj80:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:siprotec_compact_model_7sk80:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:siprotec_compact_model_7sd80:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:siprotec_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4785"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aleksandr Bersenev from HackerDom team and Pavel Toporkov from Kaspersky Lab,Aleksandr Bersenev from HackerDom team , Aleksandr Bersenev from HackerDom team",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-542"
}
],
"trust": 0.6
},
"cve": "CVE-2016-4785",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-4785",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-03386",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "567d4166-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-93604",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-4785",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4785",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-03386",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-542",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "567d4166-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-93604",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "567d4166-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03386"
},
{
"db": "VULHUB",
"id": "VHN-93604"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002975"
},
{
"db": "NVD",
"id": "CVE-2016-4785"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-542"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions \u003c V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions \u003c V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions \u003c V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions \u003c V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions \u003c 1.02.02. The integrated web server (port 80/tcp) of the affected devices could allow remote attackers to obtain a limited amount of device memory content if network access was obtained. This vulnerability only affects EN100 Ethernet module included in SIPROTEC4 and SIPROTEC Compact devices. SiemensSIPROTEC4 is a multi-function relay series; SIPROTECCompact is a microcomputer protection device. An information disclosure vulnerability exists in the integrated web server of SIPROTEC4 and SIPROTECCompact. EN100 Ethernet Modules for Reyrolle is prone to the following security vulnerabilities: :\n1. Multiple information-disclosure vulnerabilities\n2. A denial-of-service vulnerability\n3. Multiple authentication-bypass vulnerabilities\nAn attacker may leverage these issues to disclose sensitive information, perform certain unauthorized actions actions, gain unauthorized access, or bypass certain security restrictions and cause a denial-of-service condition. Both Siemens SIPROTEC 4 and SIPROTEC Compact are products of Siemens, Germany. Siemens SIPROTEC 4 is a series of multifunctional relays with a friendly man-machine interface. EN100 is one of the multi-format encoder modules",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4785"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002975"
},
{
"db": "CNVD",
"id": "CNVD-2016-03386"
},
{
"db": "BID",
"id": "90773"
},
{
"db": "BID",
"id": "99471"
},
{
"db": "IVD",
"id": "567d4166-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-93604"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4785",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-16-140-02",
"trust": 2.8
},
{
"db": "SIEMENS",
"id": "SSA-547990",
"trust": 2.3
},
{
"db": "ICS CERT",
"id": "ICSA-17-187-03",
"trust": 2.2
},
{
"db": "BID",
"id": "90773",
"trust": 2.0
},
{
"db": "BID",
"id": "99471",
"trust": 1.4
},
{
"db": "SIEMENS",
"id": "SSA-323211",
"trust": 1.1
},
{
"db": "ICS CERT",
"id": "ICSA-17-334-01",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201605-542",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-03386",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002975",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-187-02",
"trust": 0.6
},
{
"db": "IVD",
"id": "567D4166-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-93604",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "567d4166-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03386"
},
{
"db": "VULHUB",
"id": "VHN-93604"
},
{
"db": "BID",
"id": "90773"
},
{
"db": "BID",
"id": "99471"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002975"
},
{
"db": "NVD",
"id": "CVE-2016-4785"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-542"
}
]
},
"id": "VAR-201605-0271",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "567d4166-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03386"
},
{
"db": "VULHUB",
"id": "VHN-93604"
}
],
"trust": 1.5919913239999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "567d4166-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03386"
}
]
},
"last_update_date": "2023-12-18T12:05:39.910000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-547990",
"trust": 0.8,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-547990.pdf"
},
{
"title": "Patch for SiemensSIPROTEC4andSIPROTEC Information Disclosure Vulnerability (CNVD-2016-03386)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/76219"
},
{
"title": "Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Repair measures for module security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61856"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03386"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002975"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-542"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93604"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002975"
},
{
"db": "NVD",
"id": "CVE-2016-4785"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-140-02"
},
{
"trust": 2.3,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-547990.pdf"
},
{
"trust": 2.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-187-03"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/90773"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/99471"
},
{
"trust": 1.1,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-323211.pdf"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-334-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4785"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4785"
},
{
"trust": 0.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-187-02"
},
{
"trust": 0.3,
"url": "http://w3.siemens.com/smartgrid/global/en/products-systems-solutions/protection/siprotec4/pages/overview.aspx"
},
{
"trust": 0.3,
"url": "http://w3.siemens.com/smartgrid/global/en/products-systems-solutions/protection/siprotec-compact/pages/overview.aspx"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03386"
},
{
"db": "VULHUB",
"id": "VHN-93604"
},
{
"db": "BID",
"id": "90773"
},
{
"db": "BID",
"id": "99471"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002975"
},
{
"db": "NVD",
"id": "CVE-2016-4785"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-542"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "567d4166-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03386"
},
{
"db": "VULHUB",
"id": "VHN-93604"
},
{
"db": "BID",
"id": "90773"
},
{
"db": "BID",
"id": "99471"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002975"
},
{
"db": "NVD",
"id": "CVE-2016-4785"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-542"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-20T00:00:00",
"db": "IVD",
"id": "567d4166-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-05-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03386"
},
{
"date": "2016-05-31T00:00:00",
"db": "VULHUB",
"id": "VHN-93604"
},
{
"date": "2016-05-19T00:00:00",
"db": "BID",
"id": "90773"
},
{
"date": "2017-07-06T00:00:00",
"db": "BID",
"id": "99471"
},
{
"date": "2016-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002975"
},
{
"date": "2016-05-31T01:59:14.227000",
"db": "NVD",
"id": "CVE-2016-4785"
},
{
"date": "2016-05-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-542"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03386"
},
{
"date": "2018-03-23T00:00:00",
"db": "VULHUB",
"id": "VHN-93604"
},
{
"date": "2019-02-11T16:00:00",
"db": "BID",
"id": "90773"
},
{
"date": "2017-07-06T00:00:00",
"db": "BID",
"id": "99471"
},
{
"date": "2017-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002975"
},
{
"date": "2018-03-23T01:29:00.743000",
"db": "NVD",
"id": "CVE-2016-4785"
},
{
"date": "2019-02-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-542"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "90773"
},
{
"db": "BID",
"id": "99471"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIPROTEC 4 and SIPROTEC Compact Run on device EN100 Ethernet Vulnerability in module where important information is obtained",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002975"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-542"
}
],
"trust": 0.6
}
}
VAR-201609-0491
Vulnerability from variot - Updated: 2023-12-18 12:05A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Attackers with network access to the device's web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations. Siemens SIPROTEC 4 and SIPROTEC Compact For devices EN100 Ethernet The module contains a vulnerability that prevents authentication and gains administrative access.Unspecified by a third party HTTP Via traffic, authentication may be bypassed and administrative access may be gained. SIPROTEC 4 and SIPROTEC Compact devices offer a wide range of centralized protection, control and automation functions for substations and other applications. This may aid in further attacks. EN100 Ethernet Modules for Reyrolle is prone to the following security vulnerabilities: : 1. Multiple information-disclosure vulnerabilities 2. A denial-of-service vulnerability 3. Multiple authentication-bypass vulnerabilities An attacker may leverage these issues to disclose sensitive information, perform certain unauthorized actions actions, gain unauthorized access, or bypass certain security restrictions and cause a denial-of-service condition. Both Siemens SIPROTEC 4 and SIPROTEC Compact are products of Siemens, Germany. Siemens SIPROTEC 4 is a series of multifunctional relays with a friendly man-machine interface. SIPROTEC Compact is a microcomputer protection device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0491",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "en100 ethernet module",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.28"
},
{
"model": "en100 module",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "en100 module",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "4.29"
},
{
"model": "siprotec compact \u003cen100 ethernet",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "4.29"
},
{
"model": "siprotec \u003cen100 ethernet",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "44.29"
},
{
"model": "en100 ethernet module",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "4.28"
},
{
"model": "siprotec compact",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec 7ut686",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec 7sj686",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec 7sj66",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec 7sd686",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "40"
},
{
"model": "profinet io",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "modbus tcp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "iec",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1040"
},
{
"model": "en100 ethernet module",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.20"
},
{
"model": "dnp3 tcp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "profinet io",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "1.4.1"
},
{
"model": "en100",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.29.1"
},
{
"model": "en100",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.29"
},
{
"model": "reyrolle",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "en100 ethernet module",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.29"
},
{
"model": "en100 ethernet module",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.20"
},
{
"model": "en100 ethernet module",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.29.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "en100 ethernet module",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "1307e109-ec55-4a56-8c42-5bdb6d92daa3"
},
{
"db": "CNVD",
"id": "CNVD-2016-07252"
},
{
"db": "BID",
"id": "92747"
},
{
"db": "BID",
"id": "99471"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004537"
},
{
"db": "NVD",
"id": "CVE-2016-7112"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-040"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:en100_ethernet_module_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.28",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:en100_ethernet_module:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7112"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "92747"
}
],
"trust": 0.3
},
"cve": "CVE-2016-7112",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-7112",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-07252",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "1307e109-ec55-4a56-8c42-5bdb6d92daa3",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-95932",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-7112",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-7112",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2016-07252",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201609-040",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "1307e109-ec55-4a56-8c42-5bdb6d92daa3",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-95932",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "1307e109-ec55-4a56-8c42-5bdb6d92daa3"
},
{
"db": "CNVD",
"id": "CNVD-2016-07252"
},
{
"db": "VULHUB",
"id": "VHN-95932"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004537"
},
{
"db": "NVD",
"id": "CVE-2016-7112"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-040"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions \u003c V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions \u003c V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions \u003c V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions \u003c V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions \u003c 1.02.02. Attackers with network access to the device\u0027s web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations. Siemens SIPROTEC 4 and SIPROTEC Compact For devices EN100 Ethernet The module contains a vulnerability that prevents authentication and gains administrative access.Unspecified by a third party HTTP Via traffic, authentication may be bypassed and administrative access may be gained. SIPROTEC 4 and SIPROTEC Compact devices offer a wide range of centralized protection, control and automation functions for substations and other applications. This may aid in further attacks. EN100 Ethernet Modules for Reyrolle is prone to the following security vulnerabilities: :\n1. Multiple information-disclosure vulnerabilities\n2. A denial-of-service vulnerability\n3. Multiple authentication-bypass vulnerabilities\nAn attacker may leverage these issues to disclose sensitive information, perform certain unauthorized actions actions, gain unauthorized access, or bypass certain security restrictions and cause a denial-of-service condition. Both Siemens SIPROTEC 4 and SIPROTEC Compact are products of Siemens, Germany. Siemens SIPROTEC 4 is a series of multifunctional relays with a friendly man-machine interface. SIPROTEC Compact is a microcomputer protection device",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7112"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004537"
},
{
"db": "CNVD",
"id": "CNVD-2016-07252"
},
{
"db": "BID",
"id": "92747"
},
{
"db": "BID",
"id": "99471"
},
{
"db": "IVD",
"id": "1307e109-ec55-4a56-8c42-5bdb6d92daa3"
},
{
"db": "VULHUB",
"id": "VHN-95932"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7112",
"trust": 3.9
},
{
"db": "SIEMENS",
"id": "SSA-630413",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-187-03",
"trust": 2.2
},
{
"db": "BID",
"id": "92747",
"trust": 2.0
},
{
"db": "BID",
"id": "99471",
"trust": 1.4
},
{
"db": "SIEMENS",
"id": "SSA-323211",
"trust": 1.1
},
{
"db": "ICS CERT",
"id": "ICSA-16-250-01",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201609-040",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-07252",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-334-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004537",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-187-02",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "34720",
"trust": 0.6
},
{
"db": "IVD",
"id": "1307E109-EC55-4A56-8C42-5BDB6D92DAA3",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-95932",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "1307e109-ec55-4a56-8c42-5bdb6d92daa3"
},
{
"db": "CNVD",
"id": "CNVD-2016-07252"
},
{
"db": "VULHUB",
"id": "VHN-95932"
},
{
"db": "BID",
"id": "92747"
},
{
"db": "BID",
"id": "99471"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004537"
},
{
"db": "NVD",
"id": "CVE-2016-7112"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-040"
}
]
},
"id": "VAR-201609-0491",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "1307e109-ec55-4a56-8c42-5bdb6d92daa3"
},
{
"db": "CNVD",
"id": "CNVD-2016-07252"
},
{
"db": "VULHUB",
"id": "VHN-95932"
}
],
"trust": 1.6935605900000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "1307e109-ec55-4a56-8c42-5bdb6d92daa3"
},
{
"db": "CNVD",
"id": "CNVD-2016-07252"
}
]
},
"last_update_date": "2023-12-18T12:05:38.483000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-630413",
"trust": 0.8,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf"
},
{
"title": "Patch for Siemens SIPROTEC 4/SIPROTEC Compact Authentication Bypass Vulnerability (CNVD-2016-07252)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/81145"
},
{
"title": "Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Repair measures for module security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63877"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07252"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004537"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-040"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95932"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004537"
},
{
"db": "NVD",
"id": "CVE-2016-7112"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf"
},
{
"trust": 2.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-187-03"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/92747"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/99471"
},
{
"trust": 1.1,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-323211.pdf"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-250-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7112"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-334-01"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7112"
},
{
"trust": 0.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-187-02"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/34720"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07252"
},
{
"db": "VULHUB",
"id": "VHN-95932"
},
{
"db": "BID",
"id": "92747"
},
{
"db": "BID",
"id": "99471"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004537"
},
{
"db": "NVD",
"id": "CVE-2016-7112"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-040"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "1307e109-ec55-4a56-8c42-5bdb6d92daa3"
},
{
"db": "CNVD",
"id": "CNVD-2016-07252"
},
{
"db": "VULHUB",
"id": "VHN-95932"
},
{
"db": "BID",
"id": "92747"
},
{
"db": "BID",
"id": "99471"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004537"
},
{
"db": "NVD",
"id": "CVE-2016-7112"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-040"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-06T00:00:00",
"db": "IVD",
"id": "1307e109-ec55-4a56-8c42-5bdb6d92daa3"
},
{
"date": "2016-09-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-07252"
},
{
"date": "2016-09-06T00:00:00",
"db": "VULHUB",
"id": "VHN-95932"
},
{
"date": "2016-09-05T00:00:00",
"db": "BID",
"id": "92747"
},
{
"date": "2017-07-06T00:00:00",
"db": "BID",
"id": "99471"
},
{
"date": "2016-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004537"
},
{
"date": "2016-09-06T00:59:00.117000",
"db": "NVD",
"id": "CVE-2016-7112"
},
{
"date": "2016-09-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-040"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-07252"
},
{
"date": "2018-03-23T00:00:00",
"db": "VULHUB",
"id": "VHN-95932"
},
{
"date": "2017-07-11T12:06:00",
"db": "BID",
"id": "92747"
},
{
"date": "2017-07-06T00:00:00",
"db": "BID",
"id": "99471"
},
{
"date": "2017-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004537"
},
{
"date": "2018-03-23T01:29:00.947000",
"db": "NVD",
"id": "CVE-2016-7112"
},
{
"date": "2016-09-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-040"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "92747"
},
{
"db": "BID",
"id": "99471"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIPROTEC 4 and SIPROTEC Compact For devices EN100 Ethernet Vulnerabilities that prevent authentication in modules",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004537"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-040"
}
],
"trust": 0.6
}
}
VAR-201609-0493
Vulnerability from variot - Updated: 2023-12-18 12:05A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02; SIPROTEC 7SJ686 : All versions < V 4.87; SIPROTEC 7UT686 : All versions < V 4.02; SIPROTEC 7SD686 : All versions < V 4.05; SIPROTEC 7SJ66 : All versions < V 4.30. Attackers with network access to the device's web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations. A legitimate user must be logged into the web interface for the attack to be successful. Siemens SIPROTEC 4 and SIPROTEC Compact For devices EN100 Ethernet The module contains a vulnerability that prevents authentication and gains administrative access.By a third party, unspecified during the authentication session HTTP Via traffic, authentication may be bypassed and administrative access may be gained. SIPROTEC 4 and SIPROTEC Compact devices offer a wide range of centralized protection, control and automation functions for substations and other applications. This may aid in further attacks. EN100 Ethernet Modules for Reyrolle is prone to the following security vulnerabilities: : 1. Multiple information-disclosure vulnerabilities 2. A denial-of-service vulnerability 3. Multiple authentication-bypass vulnerabilities An attacker may leverage these issues to disclose sensitive information, perform certain unauthorized actions actions, gain unauthorized access, or bypass certain security restrictions and cause a denial-of-service condition. EN100 Ethernet Module prior to 4.29.01 are vulnerable. Both Siemens SIPROTEC 4 and SIPROTEC Compact are products of Siemens, Germany. Siemens SIPROTEC 4 is a series of multifunctional relays with a friendly man-machine interface. SIPROTEC Compact is a microcomputer protection device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0493",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "en100 ethernet module",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "4.28"
},
{
"model": "en100 module",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "en100 module",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "4.29"
},
{
"model": "siprotec compact \u003cen100 ethernet",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "4.29"
},
{
"model": "siprotec \u003cen100 ethernet",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "44.29"
},
{
"model": "reyrolle",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec compact",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec 7ut686",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec 7sj686",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec 7sj66",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec 7sd686",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "40"
},
{
"model": "profinet io",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "modbus tcp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "iec",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1040"
},
{
"model": "en100 ethernet module",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.20"
},
{
"model": "dnp3 tcp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "profinet io",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "1.4.1"
},
{
"model": "en100",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.29.1"
},
{
"model": "en100",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.29"
},
{
"model": "en100 ethernet module",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.29"
},
{
"model": "en100 ethernet module",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.20"
},
{
"model": "en100 ethernet module",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.29.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "en100 ethernet module",
"version": "4.28"
}
],
"sources": [
{
"db": "IVD",
"id": "6587e038-6394-4a4e-a365-44f992122a59"
},
{
"db": "CNVD",
"id": "CNVD-2016-07251"
},
{
"db": "BID",
"id": "92745"
},
{
"db": "BID",
"id": "99471"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004539"
},
{
"db": "NVD",
"id": "CVE-2016-7114"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-042"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:en100_ethernet_module_firmware:4.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:en100_ethernet_module:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7114"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "92745"
}
],
"trust": 0.3
},
"cve": "CVE-2016-7114",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-7114",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-07251",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "6587e038-6394-4a4e-a365-44f992122a59",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-95934",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-7114",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-7114",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-07251",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201609-042",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "6587e038-6394-4a4e-a365-44f992122a59",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-95934",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "6587e038-6394-4a4e-a365-44f992122a59"
},
{
"db": "CNVD",
"id": "CNVD-2016-07251"
},
{
"db": "VULHUB",
"id": "VHN-95934"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004539"
},
{
"db": "NVD",
"id": "CVE-2016-7114"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-042"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions \u003c V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions \u003c V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions \u003c V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions \u003c V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions \u003c 1.02.02; SIPROTEC 7SJ686 : All versions \u003c V 4.87; SIPROTEC 7UT686 : All versions \u003c V 4.02; SIPROTEC 7SD686 : All versions \u003c V 4.05; SIPROTEC 7SJ66 : All versions \u003c V 4.30. Attackers with network access to the device\u0027s web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations. A legitimate user must be logged into the web interface for the attack to be successful. Siemens SIPROTEC 4 and SIPROTEC Compact For devices EN100 Ethernet The module contains a vulnerability that prevents authentication and gains administrative access.By a third party, unspecified during the authentication session HTTP Via traffic, authentication may be bypassed and administrative access may be gained. SIPROTEC 4 and SIPROTEC Compact devices offer a wide range of centralized protection, control and automation functions for substations and other applications. This may aid in further attacks. EN100 Ethernet Modules for Reyrolle is prone to the following security vulnerabilities: :\n1. Multiple information-disclosure vulnerabilities\n2. A denial-of-service vulnerability\n3. Multiple authentication-bypass vulnerabilities\nAn attacker may leverage these issues to disclose sensitive information, perform certain unauthorized actions actions, gain unauthorized access, or bypass certain security restrictions and cause a denial-of-service condition. \nEN100 Ethernet Module prior to 4.29.01 are vulnerable. Both Siemens SIPROTEC 4 and SIPROTEC Compact are products of Siemens, Germany. Siemens SIPROTEC 4 is a series of multifunctional relays with a friendly man-machine interface. SIPROTEC Compact is a microcomputer protection device",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7114"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004539"
},
{
"db": "CNVD",
"id": "CNVD-2016-07251"
},
{
"db": "BID",
"id": "92745"
},
{
"db": "BID",
"id": "99471"
},
{
"db": "IVD",
"id": "6587e038-6394-4a4e-a365-44f992122a59"
},
{
"db": "VULHUB",
"id": "VHN-95934"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7114",
"trust": 3.9
},
{
"db": "SIEMENS",
"id": "SSA-630413",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-187-03",
"trust": 2.2
},
{
"db": "BID",
"id": "92745",
"trust": 2.0
},
{
"db": "BID",
"id": "99471",
"trust": 1.4
},
{
"db": "SIEMENS",
"id": "SSA-323211",
"trust": 1.1
},
{
"db": "ICS CERT",
"id": "ICSA-16-250-01",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201609-042",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-07251",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-334-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004539",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-187-02",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "34718",
"trust": 0.6
},
{
"db": "IVD",
"id": "6587E038-6394-4A4E-A365-44F992122A59",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-95934",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "6587e038-6394-4a4e-a365-44f992122a59"
},
{
"db": "CNVD",
"id": "CNVD-2016-07251"
},
{
"db": "VULHUB",
"id": "VHN-95934"
},
{
"db": "BID",
"id": "92745"
},
{
"db": "BID",
"id": "99471"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004539"
},
{
"db": "NVD",
"id": "CVE-2016-7114"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-042"
}
]
},
"id": "VAR-201609-0493",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "6587e038-6394-4a4e-a365-44f992122a59"
},
{
"db": "CNVD",
"id": "CNVD-2016-07251"
},
{
"db": "VULHUB",
"id": "VHN-95934"
}
],
"trust": 1.6935605900000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "6587e038-6394-4a4e-a365-44f992122a59"
},
{
"db": "CNVD",
"id": "CNVD-2016-07251"
}
]
},
"last_update_date": "2023-12-18T12:05:38.622000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-630413",
"trust": 0.8,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf"
},
{
"title": "Siemens SIPROTEC 4/SIPROTEC Compact authentication bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/81146"
},
{
"title": "Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Repair measures for module security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63879"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07251"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004539"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-042"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.1
},
{
"problemtype": "CWE-399",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95934"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004539"
},
{
"db": "NVD",
"id": "CVE-2016-7114"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf"
},
{
"trust": 2.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-187-03"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/92745"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/99471"
},
{
"trust": 1.1,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-323211.pdf"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-250-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7114"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-334-01"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7114"
},
{
"trust": 0.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-187-02"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/34718"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07251"
},
{
"db": "VULHUB",
"id": "VHN-95934"
},
{
"db": "BID",
"id": "92745"
},
{
"db": "BID",
"id": "99471"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004539"
},
{
"db": "NVD",
"id": "CVE-2016-7114"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-042"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "6587e038-6394-4a4e-a365-44f992122a59"
},
{
"db": "CNVD",
"id": "CNVD-2016-07251"
},
{
"db": "VULHUB",
"id": "VHN-95934"
},
{
"db": "BID",
"id": "92745"
},
{
"db": "BID",
"id": "99471"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004539"
},
{
"db": "NVD",
"id": "CVE-2016-7114"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-042"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-06T00:00:00",
"db": "IVD",
"id": "6587e038-6394-4a4e-a365-44f992122a59"
},
{
"date": "2016-09-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-07251"
},
{
"date": "2016-09-06T00:00:00",
"db": "VULHUB",
"id": "VHN-95934"
},
{
"date": "2016-09-05T00:00:00",
"db": "BID",
"id": "92745"
},
{
"date": "2017-07-06T00:00:00",
"db": "BID",
"id": "99471"
},
{
"date": "2016-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004539"
},
{
"date": "2016-09-06T00:59:02.977000",
"db": "NVD",
"id": "CVE-2016-7114"
},
{
"date": "2016-09-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-042"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-07251"
},
{
"date": "2018-03-23T00:00:00",
"db": "VULHUB",
"id": "VHN-95934"
},
{
"date": "2017-07-11T12:06:00",
"db": "BID",
"id": "92745"
},
{
"date": "2017-07-06T00:00:00",
"db": "BID",
"id": "99471"
},
{
"date": "2017-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004539"
},
{
"date": "2018-03-23T01:29:01.117000",
"db": "NVD",
"id": "CVE-2016-7114"
},
{
"date": "2016-09-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-042"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "92745"
},
{
"db": "BID",
"id": "99471"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIPROTEC 4/SIPROTEC Compact Authentication Bypass Vulnerability",
"sources": [
{
"db": "IVD",
"id": "6587e038-6394-4a4e-a365-44f992122a59"
},
{
"db": "CNVD",
"id": "CNVD-2016-07251"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-042"
}
],
"trust": 0.6
}
}
VAR-201609-0492
Vulnerability from variot - Updated: 2023-12-18 12:05A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Specially crafted packets sent to port 80/tcp could cause the affected device to go into defect mode. Siemens SIPROTEC 4 and SIPROTEC Compact For devices EN100 Ethernet Module contains service disruption ( Transition to defect mode (defect-mode transition)) There are vulnerabilities that are put into a state.Skillfully crafted by a third party HTTP Service disruption via packets ( Transition to defect mode (defect-mode transition)) There is a possibility of being put into a state. SIPROTEC 4 and SIPROTEC Compact devices offer a wide range of centralized protection, control and automation functions for substations and other applications. Siemens SIPROTEC 4, SIPROTEC Compact, a denial of service vulnerability exists in versions prior to EN100 Ethernet 4.29. A remote attacker can cause a denial of service by constructing an HTTP packet. An attacker can exploit this issue to cause denial-of-service conditions. EN100 Ethernet Modules for Reyrolle is prone to the following security vulnerabilities: : 1. Multiple information-disclosure vulnerabilities 2. A denial-of-service vulnerability 3. Multiple authentication-bypass vulnerabilities An attacker may leverage these issues to disclose sensitive information, perform certain unauthorized actions actions, gain unauthorized access, or bypass certain security restrictions and cause a denial-of-service condition. Both Siemens SIPROTEC 4 and SIPROTEC Compact are products of Siemens, Germany. Siemens SIPROTEC 4 is a series of multifunctional relays with a friendly man-machine interface. SIPROTEC Compact is a microcomputer protection device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0492",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "en100 ethernet module",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "4.28"
},
{
"model": "en100 module",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "en100 module",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "4.29"
},
{
"model": "siprotec compact \u003cen100 ethernet",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "4.29"
},
{
"model": "siprotec \u003cen100 ethernet",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "44.29"
},
{
"model": "reyrolle",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "0"
},
{
"model": "softnet profinet io",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec compact",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec 7ut686",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec 7sj686",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec 7sj66",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec 7sd686",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "40"
},
{
"model": "modbus tcp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "iec",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1040"
},
{
"model": "en100 ethernet module",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.20"
},
{
"model": "dnp3 tcp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "profinet io",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "1.4.1"
},
{
"model": "en100",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.29.1"
},
{
"model": "en100",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.29"
},
{
"model": "en100 ethernet module",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.29"
},
{
"model": "en100 ethernet module",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.20"
},
{
"model": "en100 ethernet module",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.29.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "en100 ethernet module",
"version": "4.28"
}
],
"sources": [
{
"db": "IVD",
"id": "8829001c-06ef-4f0d-a415-c3cc2278fa17"
},
{
"db": "CNVD",
"id": "CNVD-2016-07253"
},
{
"db": "BID",
"id": "92748"
},
{
"db": "BID",
"id": "99471"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004538"
},
{
"db": "NVD",
"id": "CVE-2016-7113"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-041"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:en100_ethernet_module_firmware:4.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:en100_ethernet_module:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7113"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "92748"
}
],
"trust": 0.3
},
"cve": "CVE-2016-7113",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-7113",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-07253",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "8829001c-06ef-4f0d-a415-c3cc2278fa17",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-95933",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-7113",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-7113",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-07253",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201609-041",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "8829001c-06ef-4f0d-a415-c3cc2278fa17",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-95933",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "8829001c-06ef-4f0d-a415-c3cc2278fa17"
},
{
"db": "CNVD",
"id": "CNVD-2016-07253"
},
{
"db": "VULHUB",
"id": "VHN-95933"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004538"
},
{
"db": "NVD",
"id": "CVE-2016-7113"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-041"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions \u003c V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions \u003c V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions \u003c V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions \u003c V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions \u003c 1.02.02. Specially crafted packets sent to port 80/tcp could cause the affected device to go into defect mode. Siemens SIPROTEC 4 and SIPROTEC Compact For devices EN100 Ethernet Module contains service disruption ( Transition to defect mode (defect-mode transition)) There are vulnerabilities that are put into a state.Skillfully crafted by a third party HTTP Service disruption via packets ( Transition to defect mode (defect-mode transition)) There is a possibility of being put into a state. SIPROTEC 4 and SIPROTEC Compact devices offer a wide range of centralized protection, control and automation functions for substations and other applications. Siemens SIPROTEC 4, SIPROTEC Compact, a denial of service vulnerability exists in versions prior to EN100 Ethernet 4.29. A remote attacker can cause a denial of service by constructing an HTTP packet. \nAn attacker can exploit this issue to cause denial-of-service conditions. EN100 Ethernet Modules for Reyrolle is prone to the following security vulnerabilities: :\n1. Multiple information-disclosure vulnerabilities\n2. A denial-of-service vulnerability\n3. Multiple authentication-bypass vulnerabilities\nAn attacker may leverage these issues to disclose sensitive information, perform certain unauthorized actions actions, gain unauthorized access, or bypass certain security restrictions and cause a denial-of-service condition. Both Siemens SIPROTEC 4 and SIPROTEC Compact are products of Siemens, Germany. Siemens SIPROTEC 4 is a series of multifunctional relays with a friendly man-machine interface. SIPROTEC Compact is a microcomputer protection device",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7113"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004538"
},
{
"db": "CNVD",
"id": "CNVD-2016-07253"
},
{
"db": "BID",
"id": "92748"
},
{
"db": "BID",
"id": "99471"
},
{
"db": "IVD",
"id": "8829001c-06ef-4f0d-a415-c3cc2278fa17"
},
{
"db": "VULHUB",
"id": "VHN-95933"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7113",
"trust": 3.9
},
{
"db": "SIEMENS",
"id": "SSA-630413",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-187-03",
"trust": 2.2
},
{
"db": "BID",
"id": "92748",
"trust": 2.0
},
{
"db": "BID",
"id": "99471",
"trust": 1.4
},
{
"db": "SIEMENS",
"id": "SSA-323211",
"trust": 1.1
},
{
"db": "ICS CERT",
"id": "ICSA-16-250-01",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201609-041",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-07253",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-334-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004538",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-187-02",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "34719",
"trust": 0.6
},
{
"db": "IVD",
"id": "8829001C-06EF-4F0D-A415-C3CC2278FA17",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-95933",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "8829001c-06ef-4f0d-a415-c3cc2278fa17"
},
{
"db": "CNVD",
"id": "CNVD-2016-07253"
},
{
"db": "VULHUB",
"id": "VHN-95933"
},
{
"db": "BID",
"id": "92748"
},
{
"db": "BID",
"id": "99471"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004538"
},
{
"db": "NVD",
"id": "CVE-2016-7113"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-041"
}
]
},
"id": "VAR-201609-0492",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "8829001c-06ef-4f0d-a415-c3cc2278fa17"
},
{
"db": "CNVD",
"id": "CNVD-2016-07253"
},
{
"db": "VULHUB",
"id": "VHN-95933"
}
],
"trust": 1.6935605900000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "8829001c-06ef-4f0d-a415-c3cc2278fa17"
},
{
"db": "CNVD",
"id": "CNVD-2016-07253"
}
]
},
"last_update_date": "2023-12-18T12:05:38.573000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-630413",
"trust": 0.8,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf"
},
{
"title": "Siemens SIPROTEC 4/SIPROTEC Compact denial of service vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/81147"
},
{
"title": "Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Repair measures for module security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63878"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07253"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004538"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-041"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95933"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004538"
},
{
"db": "NVD",
"id": "CVE-2016-7113"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf"
},
{
"trust": 2.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-187-03"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/92748"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/99471"
},
{
"trust": 1.1,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-323211.pdf"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-250-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7113"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-334-01"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7113"
},
{
"trust": 0.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-187-02"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/34719"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07253"
},
{
"db": "VULHUB",
"id": "VHN-95933"
},
{
"db": "BID",
"id": "92748"
},
{
"db": "BID",
"id": "99471"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004538"
},
{
"db": "NVD",
"id": "CVE-2016-7113"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-041"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "8829001c-06ef-4f0d-a415-c3cc2278fa17"
},
{
"db": "CNVD",
"id": "CNVD-2016-07253"
},
{
"db": "VULHUB",
"id": "VHN-95933"
},
{
"db": "BID",
"id": "92748"
},
{
"db": "BID",
"id": "99471"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004538"
},
{
"db": "NVD",
"id": "CVE-2016-7113"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-041"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-06T00:00:00",
"db": "IVD",
"id": "8829001c-06ef-4f0d-a415-c3cc2278fa17"
},
{
"date": "2016-09-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-07253"
},
{
"date": "2016-09-06T00:00:00",
"db": "VULHUB",
"id": "VHN-95933"
},
{
"date": "2016-09-05T00:00:00",
"db": "BID",
"id": "92748"
},
{
"date": "2017-07-06T00:00:00",
"db": "BID",
"id": "99471"
},
{
"date": "2016-09-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004538"
},
{
"date": "2016-09-06T00:59:01.883000",
"db": "NVD",
"id": "CVE-2016-7113"
},
{
"date": "2016-09-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-041"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-07253"
},
{
"date": "2018-03-23T00:00:00",
"db": "VULHUB",
"id": "VHN-95933"
},
{
"date": "2017-07-11T12:06:00",
"db": "BID",
"id": "92748"
},
{
"date": "2017-07-06T00:00:00",
"db": "BID",
"id": "99471"
},
{
"date": "2017-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004538"
},
{
"date": "2018-03-23T01:29:01.040000",
"db": "NVD",
"id": "CVE-2016-7113"
},
{
"date": "2016-09-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-041"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "92748"
},
{
"db": "BID",
"id": "99471"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIPROTEC 4/SIPROTEC Compact Denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "8829001c-06ef-4f0d-a415-c3cc2278fa17"
},
{
"db": "CNVD",
"id": "CNVD-2016-07253"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "8829001c-06ef-4f0d-a415-c3cc2278fa17"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-041"
}
],
"trust": 0.8
}
}
VAR-201507-0039
Vulnerability from variot - Updated: 2023-12-18 12:05A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Specially crafted packets sent to port 50000/UDP could cause a denial-of-service of the affected device. A manual reboot may be required to recover the service of the device. Siemens SIPROTEC 4 and SIPROTEC Compact Device EN100 Module firmware has a service disruption (DoS) There are vulnerabilities that are put into a state. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. http://cwe.mitre.org/data/definitions/19.htmlBy a third party UDP port 50000 Denial of service via the above crafted packets (DoS) There is a possibility of being put into a state. The SIPROTEC 4 and SIPROTEC devices offer a wide range of integrated protection, control, measurement and power substation automation functions; the EN100 module is used for IEC 61850 communication. The EN100 module for multiple Siemens SIPROTEC products are prone to a denial-of-service vulnerability. Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users. Both Siemens SIPROTEC 4 and SIPROTEC Compact are products of Siemens, Germany. Siemens SIPROTEC 4 is a series of multifunctional relays with a friendly man-machine interface. SIPROTEC Compact is a microcomputer protection device. EN100 is one of the multi-format encoder modules
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201507-0039",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "siprotec",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "4.24"
},
{
"model": "siprotec 4",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec compact",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "4.25"
},
{
"model": "siprotec",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v4.24"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "siprotec",
"version": "4.24"
},
{
"model": "siprotec compact",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec 7ut686",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec 7sj686",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec 7sj66",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec 7sd686",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "40"
},
{
"model": "profinet io",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "modbus tcp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "iec",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1040"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.9"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.6"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.5"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.4"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.24"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.23"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.22"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.21"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.20"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.19"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.18"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.17"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.16"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.15"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.14"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.13"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.12"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.11"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.10"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.0"
},
{
"model": "dnp3 tcp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "profinet io",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "1.4.1"
},
{
"model": "en100",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.25"
}
],
"sources": [
{
"db": "IVD",
"id": "78fdecc2-a9af-4a66-b218-01a620b751d5"
},
{
"db": "IVD",
"id": "820a6b4c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04733"
},
{
"db": "BID",
"id": "75948"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003890"
},
{
"db": "NVD",
"id": "CVE-2015-5374"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-644"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:siprotec_firmware:4.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:siprotec_4:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:siprotec_compact:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5374"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "M. Can Kurnaz",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-644"
}
],
"trust": 0.6
},
"cve": "CVE-2015-5374",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-5374",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-04733",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "78fdecc2-a9af-4a66-b218-01a620b751d5",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "820a6b4c-2351-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-83335",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-5374",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-04733",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-644",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "78fdecc2-a9af-4a66-b218-01a620b751d5",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "820a6b4c-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-83335",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-5374",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "78fdecc2-a9af-4a66-b218-01a620b751d5"
},
{
"db": "IVD",
"id": "820a6b4c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04733"
},
{
"db": "VULHUB",
"id": "VHN-83335"
},
{
"db": "VULMON",
"id": "CVE-2015-5374"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003890"
},
{
"db": "NVD",
"id": "CVE-2015-5374"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-644"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions \u003c V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions \u003c V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions \u003c V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions \u003c V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions \u003c 1.02.02. Specially crafted packets sent to port 50000/UDP could cause a denial-of-service of the affected device. A manual reboot may be required to recover the service of the device. Siemens SIPROTEC 4 and SIPROTEC Compact Device EN100 Module firmware has a service disruption (DoS) There are vulnerabilities that are put into a state. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. http://cwe.mitre.org/data/definitions/19.htmlBy a third party UDP port 50000 Denial of service via the above crafted packets (DoS) There is a possibility of being put into a state. The SIPROTEC 4 and SIPROTEC devices offer a wide range of integrated protection, control, measurement and power substation automation functions; the EN100 module is used for IEC 61850 communication. The EN100 module for multiple Siemens SIPROTEC products are prone to a denial-of-service vulnerability. \nRemote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users. Both Siemens SIPROTEC 4 and SIPROTEC Compact are products of Siemens, Germany. Siemens SIPROTEC 4 is a series of multifunctional relays with a friendly man-machine interface. SIPROTEC Compact is a microcomputer protection device. EN100 is one of the multi-format encoder modules",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5374"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003890"
},
{
"db": "CNVD",
"id": "CNVD-2015-04733"
},
{
"db": "BID",
"id": "75948"
},
{
"db": "IVD",
"id": "78fdecc2-a9af-4a66-b218-01a620b751d5"
},
{
"db": "IVD",
"id": "820a6b4c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-83335"
},
{
"db": "VULMON",
"id": "CVE-2015-5374"
}
],
"trust": 2.97
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-83335",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=44103",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83335"
},
{
"db": "VULMON",
"id": "CVE-2015-5374"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-5374",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-17-187-03",
"trust": 2.3
},
{
"db": "ICS CERT",
"id": "ICSA-15-202-01",
"trust": 2.3
},
{
"db": "SIEMENS",
"id": "SSA-732541",
"trust": 2.1
},
{
"db": "BID",
"id": "75948",
"trust": 2.1
},
{
"db": "EXPLOIT-DB",
"id": "44103",
"trust": 1.2
},
{
"db": "SIEMENS",
"id": "SSA-323211",
"trust": 1.2
},
{
"db": "CNNVD",
"id": "CNNVD-201507-644",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2015-04733",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003890",
"trust": 0.8
},
{
"db": "CXSECURITY",
"id": "WLB-2018020218",
"trust": 0.6
},
{
"db": "IVD",
"id": "78FDECC2-A9AF-4A66-B218-01A620B751D5",
"trust": 0.2
},
{
"db": "IVD",
"id": "820A6B4C-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "146427",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-89506",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-83335",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-5374",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "78fdecc2-a9af-4a66-b218-01a620b751d5"
},
{
"db": "IVD",
"id": "820a6b4c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04733"
},
{
"db": "VULHUB",
"id": "VHN-83335"
},
{
"db": "VULMON",
"id": "CVE-2015-5374"
},
{
"db": "BID",
"id": "75948"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003890"
},
{
"db": "NVD",
"id": "CVE-2015-5374"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-644"
}
]
},
"id": "VAR-201507-0039",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "78fdecc2-a9af-4a66-b218-01a620b751d5"
},
{
"db": "IVD",
"id": "820a6b4c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04733"
},
{
"db": "VULHUB",
"id": "VHN-83335"
}
],
"trust": 1.68712118
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.4
}
],
"sources": [
{
"db": "IVD",
"id": "78fdecc2-a9af-4a66-b218-01a620b751d5"
},
{
"db": "IVD",
"id": "820a6b4c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04733"
}
]
},
"last_update_date": "2023-12-18T12:05:38.526000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-73254",
"trust": 0.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-732541.pdf"
},
{
"title": "SIPROTEC 4 denial of service vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/61054"
},
{
"title": "Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Fixes for module denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=160157"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2017/06/12/industroyer_malware/"
},
{
"title": "IDPS",
"trust": 0.1,
"url": "https://github.com/g4xyk00/idps "
},
{
"title": "CVE-2015-5374-DoS-PoC",
"trust": 0.1,
"url": "https://github.com/can/cve-2015-5374-dos-poc "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/khulnasoft-labs/awesome-security "
},
{
"title": "welivesecurity",
"trust": 0.1,
"url": "https://www.welivesecurity.com/2017/06/12/industroyer-biggest-threat-industrial-control-systems-since-stuxnet/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04733"
},
{
"db": "VULMON",
"id": "CVE-2015-5374"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003890"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-644"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-19",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83335"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003890"
},
{
"db": "NVD",
"id": "CVE-2015-5374"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-202-01"
},
{
"trust": 2.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-187-03"
},
{
"trust": 2.1,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-732541.pdf"
},
{
"trust": 1.3,
"url": "https://www.exploit-db.com/exploits/44103/"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/75948"
},
{
"trust": 1.2,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-323211.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5374"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5374"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2018020218"
},
{
"trust": 0.3,
"url": "http://w3.siemens.com/smartgrid/global/en/products-systems-solutions/protection/siprotec4/pages/overview.aspx"
},
{
"trust": 0.3,
"url": "http://w3.siemens.com/smartgrid/global/en/products-systems-solutions/protection/siprotec-compact/pages/overview.aspx"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/19.html"
},
{
"trust": 0.1,
"url": "https://github.com/g4xyk00/idps"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=40100"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04733"
},
{
"db": "VULHUB",
"id": "VHN-83335"
},
{
"db": "VULMON",
"id": "CVE-2015-5374"
},
{
"db": "BID",
"id": "75948"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003890"
},
{
"db": "NVD",
"id": "CVE-2015-5374"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-644"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "78fdecc2-a9af-4a66-b218-01a620b751d5"
},
{
"db": "IVD",
"id": "820a6b4c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04733"
},
{
"db": "VULHUB",
"id": "VHN-83335"
},
{
"db": "VULMON",
"id": "CVE-2015-5374"
},
{
"db": "BID",
"id": "75948"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003890"
},
{
"db": "NVD",
"id": "CVE-2015-5374"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-644"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-23T00:00:00",
"db": "IVD",
"id": "78fdecc2-a9af-4a66-b218-01a620b751d5"
},
{
"date": "2015-07-23T00:00:00",
"db": "IVD",
"id": "820a6b4c-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-07-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04733"
},
{
"date": "2015-07-18T00:00:00",
"db": "VULHUB",
"id": "VHN-83335"
},
{
"date": "2015-07-18T00:00:00",
"db": "VULMON",
"id": "CVE-2015-5374"
},
{
"date": "2015-07-17T00:00:00",
"db": "BID",
"id": "75948"
},
{
"date": "2015-07-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003890"
},
{
"date": "2015-07-18T10:59:04.117000",
"db": "NVD",
"id": "CVE-2015-5374"
},
{
"date": "2015-07-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-644"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04733"
},
{
"date": "2018-03-23T00:00:00",
"db": "VULHUB",
"id": "VHN-83335"
},
{
"date": "2018-03-23T00:00:00",
"db": "VULMON",
"id": "CVE-2015-5374"
},
{
"date": "2017-07-11T12:06:00",
"db": "BID",
"id": "75948"
},
{
"date": "2017-09-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003890"
},
{
"date": "2018-03-23T01:29:00.273000",
"db": "NVD",
"id": "CVE-2015-5374"
},
{
"date": "2021-08-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-644"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-644"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIPROTEC 4 Denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "78fdecc2-a9af-4a66-b218-01a620b751d5"
},
{
"db": "IVD",
"id": "820a6b4c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04733"
}
],
"trust": 1.0
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-644"
}
],
"trust": 0.6
}
}
VAR-201605-0270
Vulnerability from variot - Updated: 2023-12-18 12:05A vulnerability has been identified in firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02; SIPROTEC 7SJ686 : All versions < V 4.83; SIPROTEC 7UT686 : All versions < V 4.01; SIPROTEC 7SD686 : All versions < V 4.03; SIPROTEC 7SJ66 : All versions < V 4.20. The integrated web server (port 80/tcp) of the affected devices could allow remote attackers to obtain sensitive device information if network access was obtained. Siemens SIPROTEC 4 and SIPROTEC Compact Run on device EN100 Ethernet Modules, and SIPROTEC Compact Run on device Ethernet Service interface integration Web There is a vulnerability in the server that can retrieve important information.By a third party HTTP Important information may be obtained through a request. SiemensSIPROTEC4 is a multi-function relay series; SIPROTECCompact is a microcomputer protection device, EN100 is one of the multi-format encoder modules. An information disclosure vulnerability exists in the integrated web server of SIPROTEC4 and SIPROTECCompact. EN100 Ethernet Modules for Reyrolle is prone to the following security vulnerabilities: : 1. Multiple information-disclosure vulnerabilities 2. A denial-of-service vulnerability 3. Multiple authentication-bypass vulnerabilities An attacker may leverage these issues to disclose sensitive information, perform certain unauthorized actions actions, gain unauthorized access, or bypass certain security restrictions and cause a denial-of-service condition. EN100 Ethernet Module prior to 4.29.01 are vulnerable. Both Siemens SIPROTEC 4 and SIPROTEC Compact are products of Siemens, Germany. Siemens SIPROTEC 4 is a series of multifunctional relays with a friendly man-machine interface
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201605-0270",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "siprotec",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "4.26"
},
{
"model": "siprotec",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "4.27"
},
{
"model": "siprotec",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "en100 module (siprotec 4/siprotec compact)"
},
{
"model": "siprotec compact",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "all versions ethernet service interface (siprotec compact specific model )"
},
{
"model": "siprotec 4",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "en100 ethernet module included in siprotec and siprotec compact",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "4\u003c=4.26"
},
{
"model": "ethernet service interface on port a of siprotec compact models 7sj80 7sk80",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "reyrolle",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec 4 en100",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec compact model en100",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "tpop for en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec compact 7sk81",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec compact 7sk80",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec compact 7sj81",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec compact 7sj80",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec compact 7sd80",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec compact 7rw80",
"scope": null,
"trust": 0.3,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec 7ut686",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec 7sj686",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec 7sj66",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec 7sd686",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "siprotec",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "40"
},
{
"model": "profinet io",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "modbus tcp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "iec for en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "618500"
},
{
"model": "iec",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "1040"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.9"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.8"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.7"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.6"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.5"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.4"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.26"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.25"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.24"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.23"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.22"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.21"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.20"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.2"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.19"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.18"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.17"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.16"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.15"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.14"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.13"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.12"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.11"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.10"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "en100",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.0"
},
{
"model": "dnp3 tcp",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "tpop for en100",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "profinet io",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "1.4.1"
},
{
"model": "en100",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.29.1"
},
{
"model": "en100",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.27"
},
{
"model": "en100 ethernet module",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.29"
},
{
"model": "en100 ethernet module",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "4.20"
},
{
"model": "en100 ethernet module",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "4.29.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "siprotec",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "siprotec",
"version": "4.26"
}
],
"sources": [
{
"db": "IVD",
"id": "567e220c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03387"
},
{
"db": "BID",
"id": "90773"
},
{
"db": "BID",
"id": "99471"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002974"
},
{
"db": "NVD",
"id": "CVE-2016-4784"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-541"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:siprotec_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:siprotec_compact_model_7rw80:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:siprotec_compact_model_7sj81:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:siprotec_compact_model_7sj80:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:siprotec_compact_model_7sk81:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:siprotec_compact_model_7sk80:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:siprotec_compact_model_7sd80:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:siprotec_4_en100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:siprotec_compact_model_en100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:siprotec_firmware:4.26:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4784"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aleksandr Bersenev from HackerDom team and Pavel Toporkov from Kaspersky Lab,Aleksandr Bersenev from HackerDom team , Aleksandr Bersenev from HackerDom team",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-541"
}
],
"trust": 0.6
},
"cve": "CVE-2016-4784",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-4784",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-03387",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "567e220c-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-93603",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2016-4784",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4784",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-03387",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-541",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "567e220c-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-93603",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-4784",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "567e220c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03387"
},
{
"db": "VULHUB",
"id": "VHN-93603"
},
{
"db": "VULMON",
"id": "CVE-2016-4784"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002974"
},
{
"db": "NVD",
"id": "CVE-2016-4784"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-541"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in firmware variant PROFINET IO for EN100 Ethernet module : All versions \u003c V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions \u003c V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions \u003c V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions \u003c V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions \u003c 1.02.02; SIPROTEC 7SJ686 : All versions \u003c V 4.83; SIPROTEC 7UT686 : All versions \u003c V 4.01; SIPROTEC 7SD686 : All versions \u003c V 4.03; SIPROTEC 7SJ66 : All versions \u003c V 4.20. The integrated web server (port 80/tcp) of the affected devices could allow remote attackers to obtain sensitive device information if network access was obtained. Siemens SIPROTEC 4 and SIPROTEC Compact Run on device EN100 Ethernet Modules, and SIPROTEC Compact Run on device Ethernet Service interface integration Web There is a vulnerability in the server that can retrieve important information.By a third party HTTP Important information may be obtained through a request. SiemensSIPROTEC4 is a multi-function relay series; SIPROTECCompact is a microcomputer protection device, EN100 is one of the multi-format encoder modules. An information disclosure vulnerability exists in the integrated web server of SIPROTEC4 and SIPROTECCompact. EN100 Ethernet Modules for Reyrolle is prone to the following security vulnerabilities: :\n1. Multiple information-disclosure vulnerabilities\n2. A denial-of-service vulnerability\n3. Multiple authentication-bypass vulnerabilities\nAn attacker may leverage these issues to disclose sensitive information, perform certain unauthorized actions actions, gain unauthorized access, or bypass certain security restrictions and cause a denial-of-service condition. \nEN100 Ethernet Module prior to 4.29.01 are vulnerable. Both Siemens SIPROTEC 4 and SIPROTEC Compact are products of Siemens, Germany. Siemens SIPROTEC 4 is a series of multifunctional relays with a friendly man-machine interface",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4784"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002974"
},
{
"db": "CNVD",
"id": "CNVD-2016-03387"
},
{
"db": "BID",
"id": "90773"
},
{
"db": "BID",
"id": "99471"
},
{
"db": "IVD",
"id": "567e220c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-93603"
},
{
"db": "VULMON",
"id": "CVE-2016-4784"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4784",
"trust": 4.0
},
{
"db": "ICS CERT",
"id": "ICSA-16-140-02",
"trust": 2.9
},
{
"db": "SIEMENS",
"id": "SSA-547990",
"trust": 2.4
},
{
"db": "ICS CERT",
"id": "ICSA-17-187-03",
"trust": 2.3
},
{
"db": "BID",
"id": "90773",
"trust": 2.1
},
{
"db": "BID",
"id": "99471",
"trust": 1.5
},
{
"db": "SIEMENS",
"id": "SSA-323211",
"trust": 1.2
},
{
"db": "ICS CERT",
"id": "ICSA-17-334-01",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201605-541",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-03387",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002974",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-187-02",
"trust": 0.6
},
{
"db": "IVD",
"id": "567E220C-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-93603",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-4784",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "567e220c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03387"
},
{
"db": "VULHUB",
"id": "VHN-93603"
},
{
"db": "VULMON",
"id": "CVE-2016-4784"
},
{
"db": "BID",
"id": "90773"
},
{
"db": "BID",
"id": "99471"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002974"
},
{
"db": "NVD",
"id": "CVE-2016-4784"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-541"
}
]
},
"id": "VAR-201605-0270",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "567e220c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03387"
},
{
"db": "VULHUB",
"id": "VHN-93603"
}
],
"trust": 1.6433261033333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "567e220c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03387"
}
]
},
"last_update_date": "2023-12-18T12:05:38.670000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-547990",
"trust": 0.8,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-547990.pdf"
},
{
"title": "SiemensSIPROTEC4andSIPROTEC Information Disclosure Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/76220"
},
{
"title": "Siemens SIPROTEC 4 and SIPROTEC Compact Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61855"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03387"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002974"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-541"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93603"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002974"
},
{
"db": "NVD",
"id": "CVE-2016-4784"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-140-02"
},
{
"trust": 2.4,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-547990.pdf"
},
{
"trust": 2.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-187-03"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/90773"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/99471"
},
{
"trust": 1.2,
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-323211.pdf"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-334-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4784"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4784"
},
{
"trust": 0.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-187-02"
},
{
"trust": 0.3,
"url": "http://w3.siemens.com/smartgrid/global/en/products-systems-solutions/protection/siprotec4/pages/overview.aspx"
},
{
"trust": 0.3,
"url": "http://w3.siemens.com/smartgrid/global/en/products-systems-solutions/protection/siprotec-compact/pages/overview.aspx"
},
{
"trust": 0.3,
"url": "http://www.siemens.com/"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03387"
},
{
"db": "VULHUB",
"id": "VHN-93603"
},
{
"db": "VULMON",
"id": "CVE-2016-4784"
},
{
"db": "BID",
"id": "90773"
},
{
"db": "BID",
"id": "99471"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002974"
},
{
"db": "NVD",
"id": "CVE-2016-4784"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-541"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "567e220c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03387"
},
{
"db": "VULHUB",
"id": "VHN-93603"
},
{
"db": "VULMON",
"id": "CVE-2016-4784"
},
{
"db": "BID",
"id": "90773"
},
{
"db": "BID",
"id": "99471"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002974"
},
{
"db": "NVD",
"id": "CVE-2016-4784"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-541"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-20T00:00:00",
"db": "IVD",
"id": "567e220c-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2016-05-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03387"
},
{
"date": "2016-05-31T00:00:00",
"db": "VULHUB",
"id": "VHN-93603"
},
{
"date": "2016-05-31T00:00:00",
"db": "VULMON",
"id": "CVE-2016-4784"
},
{
"date": "2016-05-19T00:00:00",
"db": "BID",
"id": "90773"
},
{
"date": "2017-07-06T00:00:00",
"db": "BID",
"id": "99471"
},
{
"date": "2016-06-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002974"
},
{
"date": "2016-05-31T01:59:12.993000",
"db": "NVD",
"id": "CVE-2016-4784"
},
{
"date": "2016-05-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-541"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03387"
},
{
"date": "2018-03-23T00:00:00",
"db": "VULHUB",
"id": "VHN-93603"
},
{
"date": "2018-03-23T00:00:00",
"db": "VULMON",
"id": "CVE-2016-4784"
},
{
"date": "2019-02-11T16:00:00",
"db": "BID",
"id": "90773"
},
{
"date": "2017-07-06T00:00:00",
"db": "BID",
"id": "99471"
},
{
"date": "2017-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002974"
},
{
"date": "2018-03-23T01:29:00.633000",
"db": "NVD",
"id": "CVE-2016-4784"
},
{
"date": "2019-02-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-541"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "90773"
},
{
"db": "BID",
"id": "99471"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIPROTEC 4 and SIPROTEC Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "567e220c-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2016-03387"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-541"
}
],
"trust": 0.6
}
}
VAR-201908-1836
Vulnerability from variot - Updated: 2023-12-18 11:14A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Meters Series 9410 (All versions < V2.2.1), Siemens Power Meters Series 9810 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. At the time of advisory publication no public exploitation of this security vulnerability was known. SIPROTEC 5 The device contains an access control vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. The SiemensSIPROTEC5 is a multi-function relay. There is a security hole in SiemensSIPROTEC5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-1836",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "siprotec 5 digsi device driver",
"scope": "eq",
"trust": 1.1,
"vendor": "siemens",
"version": "*"
},
{
"model": "siprotec 5 digsi device driver",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "siprotec",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "siprotec 5 digsi device driver",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "2465d402-af66-48d7-8e2c-5d4ad536de9a"
},
{
"db": "CNVD",
"id": "CNVD-2019-25928"
},
{
"db": "VULMON",
"id": "CVE-2019-10938"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007605"
},
{
"db": "NVD",
"id": "CVE-2019-10938"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:siprotec_5_digsi_device_driver:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:6md85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6md86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:6md89:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sa82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sa86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sa87:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sd82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sd86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sd87:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sj82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sj85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sj86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sk82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sk85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sl82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sl86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7sl87:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7um85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ut82:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ut85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ut86:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ut87:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7ve85:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:siemens:7vk87:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10938"
}
]
},
"cve": "CVE-2019-10938",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-10938",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-25928",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "2465d402-af66-48d7-8e2c-5d4ad536de9a",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-10938",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-10938",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-25928",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-207",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "2465d402-af66-48d7-8e2c-5d4ad536de9a",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2019-10938",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "2465d402-af66-48d7-8e2c-5d4ad536de9a"
},
{
"db": "CNVD",
"id": "CNVD-2019-25928"
},
{
"db": "VULMON",
"id": "CVE-2019-10938"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007605"
},
{
"db": "NVD",
"id": "CVE-2019-10938"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-207"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions \u003c V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions \u003c V8.01), Siemens Power Meters Series 9410 (All versions \u003c V2.2.1), Siemens Power Meters Series 9810 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. At the time of advisory publication no public exploitation of this security vulnerability was known. SIPROTEC 5 The device contains an access control vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. The SiemensSIPROTEC5 is a multi-function relay. There is a security hole in SiemensSIPROTEC5",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10938"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007605"
},
{
"db": "CNVD",
"id": "CNVD-2019-25928"
},
{
"db": "IVD",
"id": "2465d402-af66-48d7-8e2c-5d4ad536de9a"
},
{
"db": "VULMON",
"id": "CVE-2019-10938"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10938",
"trust": 3.3
},
{
"db": "SIEMENS",
"id": "SSA-632562",
"trust": 2.3
},
{
"db": "SIEMENS",
"id": "SSA-352504",
"trust": 1.7
},
{
"db": "CNVD",
"id": "CNVD-2019-25928",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-207",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007605",
"trust": 0.8
},
{
"db": "IVD",
"id": "2465D402-AF66-48D7-8E2C-5D4AD536DE9A",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2019-10938",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "2465d402-af66-48d7-8e2c-5d4ad536de9a"
},
{
"db": "CNVD",
"id": "CNVD-2019-25928"
},
{
"db": "VULMON",
"id": "CVE-2019-10938"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007605"
},
{
"db": "NVD",
"id": "CVE-2019-10938"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-207"
}
]
},
"id": "VAR-201908-1836",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "2465d402-af66-48d7-8e2c-5d4ad536de9a"
},
{
"db": "CNVD",
"id": "CNVD-2019-25928"
}
],
"trust": 0.08
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "2465d402-af66-48d7-8e2c-5d4ad536de9a"
},
{
"db": "CNVD",
"id": "CNVD-2019-25928"
}
]
},
"last_update_date": "2023-12-18T11:14:48.740000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-632562",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf"
},
{
"title": "Patch for SiemensSIPROTEC5 Access Rights Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/173137"
},
{
"title": "SIPROTEC 5 Ethernet plug-in Repair measures for communication module security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=95975"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=2dd69ca01b84b80e09672fedb1c26f51"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=1f919286ef48798d96223ef4d2143337"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25928"
},
{
"db": "VULMON",
"id": "CVE-2019-10938"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007605"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-207"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007605"
},
{
"db": "NVD",
"id": "CVE-2019-10938"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf"
},
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10938"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10938"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/284.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-352504.txt"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25928"
},
{
"db": "VULMON",
"id": "CVE-2019-10938"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007605"
},
{
"db": "NVD",
"id": "CVE-2019-10938"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-207"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "2465d402-af66-48d7-8e2c-5d4ad536de9a"
},
{
"db": "CNVD",
"id": "CNVD-2019-25928"
},
{
"db": "VULMON",
"id": "CVE-2019-10938"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007605"
},
{
"db": "NVD",
"id": "CVE-2019-10938"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-207"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-05T00:00:00",
"db": "IVD",
"id": "2465d402-af66-48d7-8e2c-5d4ad536de9a"
},
{
"date": "2019-08-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-25928"
},
{
"date": "2019-08-02T00:00:00",
"db": "VULMON",
"id": "CVE-2019-10938"
},
{
"date": "2019-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007605"
},
{
"date": "2019-08-02T14:15:14.147000",
"db": "NVD",
"id": "CVE-2019-10938"
},
{
"date": "2019-08-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-207"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-25928"
},
{
"date": "2020-10-02T00:00:00",
"db": "VULMON",
"id": "CVE-2019-10938"
},
{
"date": "2019-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007605"
},
{
"date": "2020-10-02T14:07:51.290000",
"db": "NVD",
"id": "CVE-2019-10938"
},
{
"date": "2020-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-207"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-207"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SIPROTEC 5 Access control vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007605"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-207"
}
],
"trust": 0.6
}
}