CVE-2018-4839
N/A
Summary
A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions < V4.70), SIPROTEC 4 7SJ61 (All versions < V4.96), SIPROTEC 4 7SJ62 (All versions < V4.96), SIPROTEC 4 7SJ64 (All versions < V4.96), SIPROTEC 4 7SJ66 (All versions < V4.30), SIPROTEC Compact 7SJ80 (All versions < V4.77), SIPROTEC Compact 7SK80 (All versions < V4.77). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | DIGSI 4 | All versions < V4.92 | affected |
| Siemens | EN100 Ethernet module DNP3 variant | All versions < V1.05.00 | affected |
| Siemens | EN100 Ethernet module IEC 104 variant | All versions | affected |
| Siemens | EN100 Ethernet module IEC 61850 variant | All versions < V4.30 | affected |
| Siemens | EN100 Ethernet module Modbus TCP variant | All versions | affected |
| Siemens | EN100 Ethernet module PROFINET IO variant | All versions | affected |
| Siemens | Other SIPROTEC 4 relays | All versions | affected |
| Siemens | Other SIPROTEC Compact relays | All versions | affected |
| Siemens | SIPROTEC 4 7SD80 | All versions < V4.70 | affected |
| Siemens | SIPROTEC 4 7SJ61 | All versions < V4.96 | affected |
| Siemens | SIPROTEC 4 7SJ62 | All versions < V4.96 | affected |
| Siemens | SIPROTEC 4 7SJ64 | All versions < V4.96 | affected |
| Siemens | SIPROTEC 4 7SJ66 | All versions < V4.30 | affected |
| Siemens | SIPROTEC Compact 7SJ80 | All versions < V4.77 | affected |
| Siemens | SIPROTEC Compact 7SK80 | All versions < V4.77 | affected |
Weaknesses
- CWE-326: CWE-326: Inadequate Encryption Strength
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.