FKIE_CVE-2018-4838

Vulnerability from fkie_nvd - Published: 2018-03-08 17:29 - Updated: 2024-11-21 04:07
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions < V1.22). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.
References
productcert@siemens.comhttps://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdfPatch, Vendor Advisory
productcert@siemens.comhttps://www.securityfocus.com/bid/103379
nvd@nist.govhttps://ics-cert.us-cert.gov/advisories/ICSA-18-067-01Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdfPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.securityfocus.com/bid/103379
Impacted products
Vendor Product Version
siemens en100_ethernet_module_iec_104_firmware -
siemens en100_ethernet_module_iec_104 -
siemens en100_ethernet_module_dnp3_firmware -
siemens en100_ethernet_module_dnp3 -
siemens en100_ethernet_module_modbus_tcp_firmware -
siemens en100_ethernet_module_modbus_tcp -
siemens en100_ethernet_module_profinet_io_firmware -
siemens en100_ethernet_module_profinet_io -
siemens en100_ethernet_module_iec_61850_firmware *
siemens en100_ethernet_module_iec_61850 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:en100_ethernet_module_iec_104_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "300FAA93-3BBB-4848-AFA5-97DE57053E5E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:en100_ethernet_module_iec_104:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "75FDB347-4ED5-4A36-A9CA-B2A461A92572",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:en100_ethernet_module_dnp3_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "15E8060A-2897-4E2E-9441-5687D923C642",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:en100_ethernet_module_dnp3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E733162-1D6E-4CF7-9CB2-007C8CA8B6B4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:en100_ethernet_module_modbus_tcp_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "71DCD4E3-9BA4-44CE-BFCC-6659258FCE31",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:en100_ethernet_module_modbus_tcp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "48118739-31B9-4600-8856-D7E9870479E7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:en100_ethernet_module_profinet_io_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C2FA062-EBFE-457F-988E-60A9317212A4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:en100_ethernet_module_profinet_io:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "11199473-60BF-42AB-B6F0-BEF9663C67B7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:en100_ethernet_module_iec_61850_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "42ABCFB1-0D86-47DB-8257-370B70E1C969",
              "versionEndExcluding": "4.30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:en100_ethernet_module_iec_61850:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C5EC8F7-6CD2-461B-9D06-2D9F4D083A98",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions \u003c V4.30), EN100 Ethernet module DNP3 variant (All versions \u003c V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions \u003c V1.22). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en la variante del m\u00f3dulo de Ethernet EN100 IEC 61850 (todas las versiones anteriores a la V4.30), la variante del m\u00f3dulo de Ethernet EN100 DNP3 (todas las versiones anteriores a la V1.04), la variante del m\u00f3dulo de Ethernet EN100 PROFINET IO (todas las versiones), la variante del m\u00f3dulo de Ethernet EN100 Modbus TCP (todas las versiones) y la variante del m\u00f3dulo de Ethernet EN100 IEC 104 (todas las versiones anteriores a la V1.22). La interfaz web (TCP/80) de los dispositivos afectados permite que un usuario no autenticado actualice o degrade el firmware del dispositivo, incluyendo versiones m\u00e1s antiguas con vulnerabilidades conocidas."
    }
  ],
  "id": "CVE-2018-4838",
  "lastModified": "2024-11-21T04:07:33.400",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-08T17:29:00.210",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf"
    },
    {
      "source": "productcert@siemens.com",
      "url": "https://www.securityfocus.com/bid/103379"
    },
    {
      "source": "nvd@nist.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-067-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.securityfocus.com/bid/103379"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.