Vulnerability-Lookup - Search a vulnerability

All the vulnerabilites related to Siemens - SIPROTEC 4 7SJ62

cve-2018-4839

Vulnerability from cvelistv5

Published

2018-03-08 17:00

Modified

2024-08-05 05:18

Severity ?

Summary

A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions < V4.70), SIPROTEC 4 7SJ61 (All versions < V4.96), SIPROTEC 4 7SJ62 (All versions < V4.96), SIPROTEC 4 7SJ64 (All versions < V4.96), SIPROTEC 4 7SJ66 (All versions < V4.30), SIPROTEC Compact 7SJ80 (All versions < V4.77), SIPROTEC Compact 7SK80 (All versions < V4.77). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords.

References

▼	URL	Tags
	https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

Siemens

DIGSI 4

Version: All versions < V4.92

Siemens	EN100 Ethernet module DNP3 variant	Version: All versions < V1.05.00
Siemens	EN100 Ethernet module IEC 104 variant	Version: All versions
Siemens	EN100 Ethernet module IEC 61850 variant	Version: All versions < V4.30
Siemens	EN100 Ethernet module Modbus TCP variant	Version: All versions
Siemens	EN100 Ethernet module PROFINET IO variant	Version: All versions
Siemens	Other SIPROTEC 4 relays	Version: All versions
Siemens	Other SIPROTEC Compact relays	Version: All versions
Siemens	SIPROTEC 4 7SD80	Version: All versions < V4.70
Siemens	SIPROTEC 4 7SJ61	Version: All versions < V4.96
Siemens	SIPROTEC 4 7SJ62	Version: All versions < V4.96
Siemens	SIPROTEC 4 7SJ64	Version: All versions < V4.96
Siemens	SIPROTEC 4 7SJ66	Version: All versions < V4.30
Siemens	SIPROTEC Compact 7SJ80	Version: All versions < V4.77
Siemens	SIPROTEC Compact 7SK80	Version: All versions < V4.77

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:18:26.659Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DIGSI 4",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.92"
            }
          ]
        },
        {
          "product": "EN100 Ethernet module DNP3 variant",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.05.00"
            }
          ]
        },
        {
          "product": "EN100 Ethernet module IEC 104 variant",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "EN100 Ethernet module IEC 61850 variant",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.30"
            }
          ]
        },
        {
          "product": "EN100 Ethernet module Modbus TCP variant",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "EN100 Ethernet module PROFINET IO variant",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "Other SIPROTEC 4 relays",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "Other SIPROTEC Compact relays",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIPROTEC 4 7SD80",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.70"
            }
          ]
        },
        {
          "product": "SIPROTEC 4 7SJ61",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.96"
            }
          ]
        },
        {
          "product": "SIPROTEC 4 7SJ62",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.96"
            }
          ]
        },
        {
          "product": "SIPROTEC 4 7SJ64",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.96"
            }
          ]
        },
        {
          "product": "SIPROTEC 4 7SJ66",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.30"
            }
          ]
        },
        {
          "product": "SIPROTEC Compact 7SJ80",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.77"
            }
          ]
        },
        {
          "product": "SIPROTEC Compact 7SK80",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.77"
            }
          ]
        }
      ],
      "datePublic": "2018-03-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in DIGSI 4 (All versions \u003c V4.92), EN100 Ethernet module DNP3 variant (All versions \u003c V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions \u003c V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions \u003c V4.70), SIPROTEC 4 7SJ61 (All versions \u003c V4.96), SIPROTEC 4 7SJ62 (All versions \u003c V4.96), SIPROTEC 4 7SJ64 (All versions \u003c V4.96), SIPROTEC 4 7SJ66 (All versions \u003c V4.30), SIPROTEC Compact 7SJ80 (All versions \u003c V4.77), SIPROTEC Compact 7SK80 (All versions \u003c V4.77). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-326",
              "description": "CWE-326: Inadequate Encryption Strength",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-13T11:02:46",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2018-4839",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "DIGSI 4",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.92"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "EN100 Ethernet module DNP3 variant",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V1.05.00"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "EN100 Ethernet module IEC 104 variant",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "EN100 Ethernet module IEC 61850 variant",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.30"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "EN100 Ethernet module Modbus TCP variant",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "EN100 Ethernet module PROFINET IO variant",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Other SIPROTEC 4 relays",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Other SIPROTEC Compact relays",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIPROTEC 4 7SD80",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.70"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIPROTEC 4 7SJ61",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.96"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIPROTEC 4 7SJ62",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.96"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIPROTEC 4 7SJ64",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.96"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIPROTEC 4 7SJ66",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.30"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIPROTEC Compact 7SJ80",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.77"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIPROTEC Compact 7SK80",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.77"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in DIGSI 4 (All versions \u003c V4.92), EN100 Ethernet module DNP3 variant (All versions \u003c V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions \u003c V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions \u003c V4.70), SIPROTEC 4 7SJ61 (All versions \u003c V4.96), SIPROTEC 4 7SJ62 (All versions \u003c V4.96), SIPROTEC 4 7SJ64 (All versions \u003c V4.96), SIPROTEC 4 7SJ66 (All versions \u003c V4.30), SIPROTEC Compact 7SJ80 (All versions \u003c V4.77), SIPROTEC Compact 7SK80 (All versions \u003c V4.77). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-326: Inadequate Encryption Strength"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2018-4839",
    "datePublished": "2018-03-08T17:00:00",
    "dateReserved": "2018-01-02T00:00:00",
    "dateUpdated": "2024-08-05T05:18:26.659Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}