Multiple vulnerabilities in Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet Module



Published: 2018-03-09
Risk: Low
Patch available: Yes
Number of vulnerabilities: 3
CVE-ID: CVE-2018-4839, CVE-2018-4840, CVE-2018-4838
CWE-ID: CWE-326, CWE-306
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
SIPROTEC Compact
Hardware solutions / Security hardware appliances

SIPROTEC 4
Hardware solutions / Security hardware appliances

SIPROTEC Compact 7SK80
Hardware solutions / Security hardware appliances

SIPROTEC Compact 7SJ80
Hardware solutions / Security hardware appliances

SIPROTEC 4 7SJ66
Hardware solutions / Security hardware appliances

EN100 Ethernet module IEC 104 variant
Hardware solutions / Security hardware appliances

EN100 Ethernet module DNP3 TCP variant
Hardware solutions / Security hardware appliances

EN100 Ethernet module Modbus TCP variant
Hardware solutions / Security hardware appliances

EN100 Ethernet module PROFINET IO variant
Hardware solutions / Security hardware appliances

EN100 Ethernet module IEC 61850 variant
Hardware solutions / Security hardware appliances

DIGSI 4
Hardware solutions / Security hardware appliances

Vendor: Siemens

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Security restrictions bypass

EUVDB-ID: #VU10886

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4839

CWE-ID: CWE-326 - Inadequate Encryption Strength

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists because access authorization passwords are protected with inadequate encryption while in transit between the engineering software (DIGSI 4) and the device. An attacker with local access to the engineering system, or in a privileged position on the network path, can capture that traffic and possibly reconstruct the access authorization passwords from it.

Mitigation

Install the fixed firmware and DIGSI 4 version listed in the linked Siemens advisory (SSA-203306).

Vulnerable software versions

SIPROTEC Compact: All versions

SIPROTEC 4: All versions

SIPROTEC Compact 7SK80: All versions

SIPROTEC Compact 7SJ80: All versions

SIPROTEC 4 7SJ66: All versions

EN100 Ethernet module IEC 104 variant: All versions

EN100 Ethernet module DNP3 TCP variant: All versions

EN100 Ethernet module Modbus TCP variant: All versions

EN100 Ethernet module PROFINET IO variant: All versions

EN100 Ethernet module IEC 61850 variant: All versions

DIGSI 4: All versions

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes, in the sense that no authentication and no user interaction are required (CVSS AV:N, PR:N, UI:N). The attacker must nevertheless be able to capture the relevant traffic, either on the engineering system itself or from a privileged network position, which is why the attack complexity is rated High.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Security restrictions bypass

EUVDB-ID: #VU10887

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4840

CWE-ID: CWE-306 - Missing Authentication for Critical Function

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists because the device configuration can be uploaded without any authentication. A remote attacker can upload a modified device configuration and thereby overwrite the access authorization passwords stored in it.

Mitigation

Install the fixed firmware and DIGSI 4 version listed in the linked Siemens advisory (SSA-203306).

Vulnerable software versions

EN100 Ethernet module IEC 104 variant: All versions

EN100 Ethernet module DNP3 TCP variant: All versions

EN100 Ethernet module Modbus TCP variant: All versions

EN100 Ethernet module PROFINET IO variant: All versions

EN100 Ethernet module IEC 61850 variant: All versions

DIGSI 4: All versions

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Security restrictions bypass

EUVDB-ID: #VU10888

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-4838

CWE-ID: CWE-306 - Missing Authentication for Critical Function

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists because the device firmware can be uploaded without any authentication. A remote attacker can upgrade or downgrade the firmware of the device, including downgrading to older versions with known vulnerabilities, since nothing prevents rollback.
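Items 2 and 3 above share one root cause: a management function that changes the device (configuration upload, firmware upload) is reachable without any caller check. The following added example is not Siemens code and does not model the EN100 protocol; it is a hypothetical device endpoint written for this page. It shows the behaviour described in the advisory (anyone can overwrite the access password or flash an older image) beside a hardened variant that requires an authenticated session, verifies that the image is genuine, binds the version number into the verified data, and refuses rollback. All keys, passwords and version numbers are constructed, and HMAC with a constructed key stands in for the vendor signature a real device would verify against a pinned public key.

```python
"""Hypothetical device-management endpoint: unauthenticated (CWE-306) beside hardened.
Illustration added for this page; not Siemens firmware and not the EN100 protocol."""
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample secrets (assumptions for this example only).
VENDOR_KEY = b"constructed-vendor-signing-key"   # stand-in for a vendor public key in boot ROM
DEFAULT_PASSWORD = b"constructed-password"


def sign_image(version: int, image: bytes) -> bytes:
    """Vendor side: the version number is part of the signed data, so an old
    (vulnerable) image cannot simply be re-labelled with a newer version."""
    return hmac.new(VENDOR_KEY, version.to_bytes(4, "big") + image, hashlib.sha256).digest()


class VulnerableDevice:
    """Behaviour as the advisory describes it: critical functions open to any caller."""

    def __init__(self) -> None:
        self.firmware_version = 430
        self.password = DEFAULT_PASSWORD
        self.config: dict = {}

    def upload_config(self, cfg: dict) -> bool:
        # CWE-306: no caller check; the configuration carries the access
        # authorization password, so a network attacker can replace it.
        self.config = dict(cfg)
        if "password" in cfg:
            self.password = cfg["password"]
        return True

    def upload_firmware(self, version: int, image: bytes) -> bool:
        # CWE-306: no caller check, no image verification, no anti-rollback.
        self.firmware_version = version
        return True


class HardenedDevice:
    def __init__(self) -> None:
        self.firmware_version = 430
        self.password = DEFAULT_PASSWORD
        self.config: dict = {}
        self._sessions: set = set()

    def login(self, password: bytes) -> Optional[str]:
        """Constant-time password check; returns an opaque session token or None."""
        if not hmac.compare_digest(password, self.password):
            return None
        token = secrets.token_hex(16)
        self._sessions.add(token)
        return token

    def _require_session(self, token: Optional[str]) -> None:
        if token is None or token not in self._sessions:
            raise PermissionError("authentication required")

    def upload_config(self, token: Optional[str], cfg: dict) -> bool:
        self._require_session(token)          # fixes item 2: no anonymous config writes
        self.config = dict(cfg)
        if "password" in cfg:
            self.password = cfg["password"]
        return True

    def upload_firmware(self, token: Optional[str], version: int,
                        image: bytes, signature: bytes) -> bool:
        self._require_session(token)          # fixes item 3: no anonymous firmware writes
        if not hmac.compare_digest(sign_image(version, image), signature):
            raise ValueError("image signature invalid")
        if version < self.firmware_version:   # anti-rollback: refuse older versions
            raise ValueError("rollback to version %d refused" % version)
        self.firmware_version = version
        return True


def demo() -> dict:
    """Exercise both devices and return the outcomes as booleans."""
    out = {}
    v = VulnerableDevice()
    v.upload_config({"password": b"attacker-chosen"})
    v.upload_firmware(410, b"old vulnerable image")
    out["vuln_password_overwritten"] = v.password == b"attacker-chosen"
    out["vuln_downgraded"] = v.firmware_version == 410

    h = HardenedDevice()
    image, ver = b"new image", 431
    sig = sign_image(ver, image)
    try:
        h.upload_firmware(None, ver, image, sig)
        out["hard_unauth_rejected"] = False
    except PermissionError:
        out["hard_unauth_rejected"] = True
    token = h.login(DEFAULT_PASSWORD)
    old = b"old vulnerable image"
    try:
        h.upload_firmware(token, 410, old, sign_image(410, old))
        out["hard_rollback_rejected"] = False
    except ValueError:
        out["hard_rollback_rejected"] = True
    try:
        h.upload_firmware(token, 432, image, sig)   # re-labelled version, stale signature
        out["hard_relabel_rejected"] = False
    except ValueError:
        out["hard_relabel_rejected"] = True
    out["hard_valid_update"] = h.upload_firmware(token, ver, image, sig) and h.firmware_version == ver
    return out


if __name__ == "__main__":
    for name, ok in demo().items():
        print(name, ok)
```

The three checks in the hardened path are independent and all three are needed: authentication alone would still let a legitimate but compromised engineering station flash a vulnerable old image, signature verification alone does nothing against a genuinely signed older image, and the version check is only meaningful because the version is inside the signed data.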

Mitigation

Install the fixed EN100 firmware listed in the linked Siemens advisory (SSA-845879).

Vulnerable software versions

EN100 Ethernet module IEC 104 variant: All versions

EN100 Ethernet module DNP3 TCP variant: All versions

EN100 Ethernet module Modbus TCP variant: All versions

EN100 Ethernet module PROFINET IO variant: All versions

EN100 Ethernet module IEC 61850 variant: All versions

External links

http://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


