FKIE_CVE-2018-4839

Vulnerability from fkie_nvd - Published: 2018-03-08 17:29 - Updated: 2024-11-21 04:07
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions < V4.70), SIPROTEC 4 7SJ61 (All versions < V4.96), SIPROTEC 4 7SJ62 (All versions < V4.96), SIPROTEC 4 7SJ64 (All versions < V4.96), SIPROTEC 4 7SJ66 (All versions < V4.30), SIPROTEC Compact 7SJ80 (All versions < V4.77), SIPROTEC Compact 7SK80 (All versions < V4.77). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords.
References
productcert@siemens.comhttps://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdfPatch, Vendor Advisory
nvd@nist.govhttps://ics-cert.us-cert.gov/advisories/ICSA-18-067-01Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdfPatch, Vendor Advisory
Impacted products
Vendor Product Version
siemens siprotec_compact_7sj80_firmware *
siemens siprotec_compact_7sj80 -
siemens siprotec_compact_7sk80_firmware *
siemens siprotec_compact_7sk80 -
siemens siprotec_4_7sj66_firmware *
siemens siprotec_4_7sj66 -
siemens digsi_4 *
siemens en100_ethernet_module_iec_104_firmware -
siemens en100_ethernet_module_iec_104 -
siemens en100_ethernet_module_dnp3_firmware -
siemens en100_ethernet_module_dnp3 -
siemens en100_ethernet_module_modbus_tcp_firmware -
siemens en100_ethernet_module_modbus_tcp -
siemens en100_ethernet_module_profinet_io_firmware -
siemens en100_ethernet_module_profinet_io -
siemens en100_ethernet_module_iec_61850_firmware *
siemens en100_ethernet_module_iec_61850 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:siprotec_compact_7sj80_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA01070B-B71D-4432-A39F-91F9AF699985",
              "versionEndExcluding": "4.77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:siprotec_compact_7sj80:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "474DE009-D90F-47D1-912B-765EF1C84AF5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:siprotec_compact_7sk80_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9053816-0F6F-4647-AAD4-E665711823EB",
              "versionEndExcluding": "4.77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:siprotec_compact_7sk80:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE4B76D9-5208-4766-8E3F-D8911BDC3A78",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:siprotec_4_7sj66_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D44664B0-13FF-449F-A329-2F267C0A29C0",
              "versionEndExcluding": "4.30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:siprotec_4_7sj66:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "53D3E04F-7181-488A-AAEF-E846C3DC9BCB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:digsi_4:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "69174713-D30C-41BE-8192-E3A766E68E9F",
              "versionEndExcluding": "4.92",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:en100_ethernet_module_iec_104_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "300FAA93-3BBB-4848-AFA5-97DE57053E5E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:en100_ethernet_module_iec_104:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "75FDB347-4ED5-4A36-A9CA-B2A461A92572",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:en100_ethernet_module_dnp3_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "15E8060A-2897-4E2E-9441-5687D923C642",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:en100_ethernet_module_dnp3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E733162-1D6E-4CF7-9CB2-007C8CA8B6B4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:en100_ethernet_module_modbus_tcp_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "71DCD4E3-9BA4-44CE-BFCC-6659258FCE31",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:en100_ethernet_module_modbus_tcp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "48118739-31B9-4600-8856-D7E9870479E7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:en100_ethernet_module_profinet_io_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C2FA062-EBFE-457F-988E-60A9317212A4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:en100_ethernet_module_profinet_io:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "11199473-60BF-42AB-B6F0-BEF9663C67B7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:en100_ethernet_module_iec_61850_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "42ABCFB1-0D86-47DB-8257-370B70E1C969",
              "versionEndExcluding": "4.30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:en100_ethernet_module_iec_61850:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C5EC8F7-6CD2-461B-9D06-2D9F4D083A98",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in DIGSI 4 (All versions \u003c V4.92), EN100 Ethernet module DNP3 variant (All versions \u003c V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions \u003c V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions \u003c V4.70), SIPROTEC 4 7SJ61 (All versions \u003c V4.96), SIPROTEC 4 7SJ62 (All versions \u003c V4.96), SIPROTEC 4 7SJ64 (All versions \u003c V4.96), SIPROTEC 4 7SJ66 (All versions \u003c V4.30), SIPROTEC Compact 7SJ80 (All versions \u003c V4.77), SIPROTEC Compact 7SK80 (All versions \u003c V4.77). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en Siemens DIGSI 4 (Todas las versiones anteriores a V4.92), EN100 Ethernet module DNP3 variant (Todas las versiones anteriores a V1.05.00), EN100 Ethernet module IEC 104 variant (Todas las versiones), EN100 Ethernet module IEC 61850 variant (Todas las versiones anteriores a V4.30), EN100 Ethernet module Modbus TCP variant (Todas las versiones), EN100 Ethernet module PROFINET IO variant (Todas las versiones), Other SIPROTEC 4 relays (Todas las versiones), Other SIPROTEC Compact relays (Todas las versiones), SIPROTEC 4 7SD80 (Todas las versiones anteriores a V4.70), SIPROTEC 4 7SJ61 (Todas las versiones anteriores a V4.96), SIPROTEC 4 7SJ62 (Todas las versiones anteriores a V4.96), SIPROTEC 4 7SJ64 (Todas las versiones anteriores a V4.96), SIPROTEC 4 7SJ66 (Todas las versiones anteriores a V4.30), SIPROTEC Compact 7SJ80 (Todas las versiones anteriores a V4.77), SIPROTEC Compact 7SK80 (Todas las versiones anteriores a V4.77). Un atacante con acceso local al sistema de ingenier\u00eda o en una posici\u00f3n de red privilegiada y capaz de obtener cierto tr\u00e1fico de red podr\u00eda reconstruir contrase\u00f1as de autorizaci\u00f3n de acceso"
    }
  ],
  "id": "CVE-2018-4839",
  "lastModified": "2024-11-21T04:07:33.527",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-03-08T17:29:00.257",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf"
    },
    {
      "source": "nvd@nist.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-067-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-326"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.