cnvd - cnvd-2018-04834

CNVD-2018-04834

Vulnerability from cnvd - Published: 2018-03-09

Title

Siemens多个产品存在未授权操作漏洞

Description

SIPROTEC 4，SIPROTEC Compact和Reyrolle设备可对变电所及其他应用提供广泛的集中防护、控制及自动化功能。使用EN100以太网通信模块扩展的SIPROTEC 4，SIPROTEC Compact和Reyrolle设备存在未授权操作漏洞，允许攻击者升级或降级设备的固件，包括降级到具有已知漏洞的旧版本。

Severity

高

Patch Name

Siemens多个产品存在未授权操作漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://support.industry.siemens.com/cs/us/en/view/109745821

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-18-067-02

Impacted products

Name
['Siemens IEC 61850 <V4.30', 'Siemens PROFINET IO', 'Siemens Modbus TCP', 'Siemens DNP3', 'Siemens IEC 104']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-4838"
    }
  },
  "description": "SIPROTEC 4\uff0cSIPROTEC Compact\u548cReyrolle\u8bbe\u5907\u53ef\u5bf9\u53d8\u7535\u6240\u53ca\u5176\u4ed6\u5e94\u7528\u63d0\u4f9b\u5e7f\u6cdb\u7684\u96c6\u4e2d\u9632\u62a4\u3001\u63a7\u5236\u53ca\u81ea\u52a8\u5316\u529f\u80fd\u3002\r\n\r\n\u4f7f\u7528EN100\u4ee5\u592a\u7f51\u901a\u4fe1\u6a21\u5757\u6269\u5c55\u7684SIPROTEC 4\uff0cSIPROTEC Compact\u548cReyrolle\u8bbe\u5907\u5b58\u5728\u672a\u6388\u6743\u64cd\u4f5c\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5347\u7ea7\u6216\u964d\u7ea7\u8bbe\u5907\u7684\u56fa\u4ef6\uff0c\u5305\u62ec\u964d\u7ea7\u5230\u5177\u6709\u5df2\u77e5\u6f0f\u6d1e\u7684\u65e7\u7248\u672c\u3002",
  "discovererName": "Ilya Karpov\u548cDmitry Sklyarov",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\nhttps://support.industry.siemens.com/cs/us/en/view/109745821",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-04834",
  "openTime": "2018-03-09",
  "patchDescription": "SIPROTEC 4\uff0cSIPROTEC Compact\u548cReyrolle\u8bbe\u5907\u53ef\u5bf9\u53d8\u7535\u6240\u53ca\u5176\u4ed6\u5e94\u7528\u63d0\u4f9b\u5e7f\u6cdb\u7684\u96c6\u4e2d\u9632\u62a4\u3001\u63a7\u5236\u53ca\u81ea\u52a8\u5316\u529f\u80fd\u3002\r\n\r\n\u4f7f\u7528EN100\u4ee5\u592a\u7f51\u901a\u4fe1\u6a21\u5757\u6269\u5c55\u7684SIPROTEC 4\uff0cSIPROTEC Compact\u548cReyrolle\u8bbe\u5907\u5b58\u5728\u672a\u6388\u6743\u64cd\u4f5c\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5347\u7ea7\u6216\u964d\u7ea7\u8bbe\u5907\u7684\u56fa\u4ef6\uff0c\u5305\u62ec\u964d\u7ea7\u5230\u5177\u6709\u5df2\u77e5\u6f0f\u6d1e\u7684\u65e7\u7248\u672c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens\u591a\u4e2a\u4ea7\u54c1\u5b58\u5728\u672a\u6388\u6743\u64cd\u4f5c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens IEC 61850 \u003cV4.30",
      "Siemens PROFINET IO",
      "Siemens Modbus TCP",
      "Siemens DNP3",
      "Siemens IEC 104"
    ]
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-18-067-02",
  "serverity": "\u9ad8",
  "submitTime": "2018-03-09",
  "title": "Siemens\u591a\u4e2a\u4ea7\u54c1\u5b58\u5728\u672a\u6388\u6743\u64cd\u4f5c\u6f0f\u6d1e"
}

CVE-2018-4838 (GCVE-0-2018-4838)

Vulnerability from cvelistv5 – Published: 2018-03-08 17:00 – Updated: 2024-08-05 05:18

Summary

A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions < V1.22). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.

Severity ?

No CVSS data available.

CWE

Other

Assigner

siemens

References

URL

Tags

	https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_CONFIRM
	https://www.securityfocus.com/bid/103379	vdb-entryx_refsource_BID

Impacted products

Vendor

Product

Version

Siemens AG

EN100 Ethernet module IEC 61850 variant

Affected: All versions < V4.30

Siemens AG	EN100 Ethernet module DNP3 variant	Affected: All versions < V1.04
Siemens AG	EN100 Ethernet module PROFINET IO variant	Affected: All versions
Siemens AG	EN100 Ethernet module Modbus TCP variant	Affected: All versions
Siemens AG	EN100 Ethernet module IEC 104 variant	Affected: All versions < V1.22

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:18:26.631Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf"
          },
          {
            "name": "103379",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "https://www.securityfocus.com/bid/103379"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "EN100 Ethernet module IEC 61850 variant",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.30"
            }
          ]
        },
        {
          "product": "EN100 Ethernet module DNP3 variant",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.04"
            }
          ]
        },
        {
          "product": "EN100 Ethernet module PROFINET IO variant",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "EN100 Ethernet module Modbus TCP variant",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "EN100 Ethernet module IEC 104 variant",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.22"
            }
          ]
        }
      ],
      "datePublic": "2018-03-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions \u003c V4.30), EN100 Ethernet module DNP3 variant (All versions \u003c V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions \u003c V1.22). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Other",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-22T16:56:34",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf"
        },
        {
          "name": "103379",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "https://www.securityfocus.com/bid/103379"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2018-4838",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "EN100 Ethernet module IEC 61850 variant",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V4.30"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "EN100 Ethernet module DNP3 variant",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V1.04"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "EN100 Ethernet module PROFINET IO variant",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "EN100 Ethernet module Modbus TCP variant",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "EN100 Ethernet module IEC 104 variant",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V1.22"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions \u003c V4.30), EN100 Ethernet module DNP3 variant (All versions \u003c V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions \u003c V1.22). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf"
            },
            {
              "name": "103379",
              "refsource": "BID",
              "url": "https://www.securityfocus.com/bid/103379"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2018-4838",
    "datePublished": "2018-03-08T17:00:00",
    "dateReserved": "2018-01-02T00:00:00",
    "dateUpdated": "2024-08-05T05:18:26.631Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-04834

CVE-2018-4838 (GCVE-0-2018-4838)

Tags

Sightings

Nomenclature