CVE-2018-4838
N/A
N/A
Summary
A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions < V1.22). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens AG | EN100 Ethernet module IEC 61850 variant | All versions < V4.30 | affected |
| Siemens AG | EN100 Ethernet module DNP3 variant | All versions < V1.04 | affected |
| Siemens AG | EN100 Ethernet module PROFINET IO variant | All versions | affected |
| Siemens AG | EN100 Ethernet module Modbus TCP variant | All versions | affected |
| Siemens AG | EN100 Ethernet module IEC 104 variant | All versions < V1.22 | affected |
Weaknesses
- Other
ADP Enrichment
CVE Program Container
Additional References
- https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf
- https://www.securityfocus.com/bid/103379
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf
- https://www.securityfocus.com/bid/103379
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.