icsa-18-067-02
Vulnerability from csaf_cisa
Published
2018-03-08 00:00
Modified
2019-02-12 00:00
Summary
ICSA-18-067-02_Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle Devices using the EN100 Ethernet Communication Module Extension (Update B)

Notes

CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Summary
Ilya Karpov and Dmitry Sklyarov from Positive Technologies reported this vulnerability to Siemens.
Exploitability
No known public exploits specifically target this vulnerability.


To clipboard 

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Ilya Karpov",
          "Dmitry Sklyarov"
        ],
        "organization": "Positive Technologies",
        "summary": "reporting this vulnerability to Siemens"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "summary",
        "text": "Ilya Karpov and Dmitry Sklyarov from Positive Technologies reported this vulnerability to Siemens.",
        "title": "Summary"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "CISAservicedesk@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-18-067-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsa-18-067-02.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-18-067-02 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-067-02"
      }
    ],
    "title": "ICSA-18-067-02_Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle Devices using the EN100 Ethernet Communication Module Extension (Update B)",
    "tracking": {
      "current_release_date": "2019-02-12T00:00:00.000000Z",
      "generator": {
        "date": "2023-01-12T22:19:38.656Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.0.0"
        }
      },
      "id": "ICSA-18-067-02",
      "initial_release_date": "2018-03-08T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2018-03-08T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-18-067-02 Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle Devices using the EN100 Ethernet Communication Module Extension"
        },
        {
          "date": "2018-04-19T00:00:00.000000Z",
          "legacy_version": "A",
          "number": "2",
          "summary": "ICSA-18-067-02 Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle devices using the EN100 Ethernet communication module extension (Update A)"
        },
        {
          "date": "2019-02-12T00:00:00.000000Z",
          "legacy_version": "B",
          "number": "3",
          "summary": "ICSA-18-067-02 Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle devices using the EN100 Ethernet communication module extension (Update B)"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 1.04",
                "product": {
                  "name": "EN100 Ethernet module DNP3 variant: All versions prior to v1.04",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "EN100 Ethernet module DNP3 variant"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 4.30",
                "product": {
                  "name": "EN100 Ethernet module IEC 61850 variant: All versions prior to V4.30",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "EN100 Ethernet module IEC 61850 variant"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vers:all/*",
                "product": {
                  "name": "EN100 Ethernet module Modbus TCP variant: All versions",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "EN100 Ethernet module Modbus TCP variant"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vers:all/*",
                "product": {
                  "name": "EN100 Ethernet module PROFINET IO variant: All versions",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "EN100 Ethernet module PROFINET IO variant"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 1.22",
                "product": {
                  "name": "EN100 Ethernet module IEC 104 variant: All versions prior to v1.22",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "EN100 Ethernet module IEC 104 variant"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-4838",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Successful exploitation of this vulnerability could allow an attacker to either upgrade or downgrade the firmware of the device, including downgrading to older versions with known vulnerabilities.CVE-2018-4838 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)).",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "For all other affected products, Siemens has identified the following specific workarounds and mitigations that users can apply to reduce the risk. As a general security measure Siemens strongly recommends to protect network access with appropriate mechanisms (e.g., firewalls, segmentation, VPN). It is advised to configure the environment according to Siemens \u0027 operational guidelines in order to run the devices in a protected IT environment.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        },
        {
          "category": "mitigation",
          "details": "EN100 Ethernet module DNP3 variant (All versions prior to v1.04): Update to v1.04 and configure maintenance password, which can be located here: https://support.industry.siemens.com/cs/us/en/ view/109745821",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://support.industry.siemens.com/cs/us/en/%20view/109745821"
        },
        {
          "category": "mitigation",
          "details": "EN100 Ethernet module IEC 61850 variant (All versions prior to v4.30): Update to v4.30, which can be located here: https://support.industry.siemens.com/cs/us/en/view/109745821",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://support.industry.siemens.com/cs/us/en/view/109745821"
        },
        {
          "category": "mitigation",
          "details": "EN100 Ethernet module IEC 104 variant: Update to v1.22, which can be located here: https://support.industry.siemens.com/cs/document/109745821",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://support.industry.siemens.com/cs/document/109745821"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ],
      "title": "CVE-2018-4838"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.