CVE-2015-5374
Published Jul 18, 2015
Last updated 7 years ago
Overview
- Description
- A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Specially crafted packets sent to port 50000/UDP could cause a denial-of-service of the affected device. A manual reboot may be required to recover the service of the device.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 6.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:C
Weaknesses
- nvd@nist.gov
- CWE-19
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:siprotec_firmware:4.24:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "54A8F628-D8DD-48A1-BC79-802E7573CDA0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:siprotec_4:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "4F0799D8-BFAC-4DC7-B465-9C757923DD94"
},
{
"criteria": "cpe:2.3:h:siemens:siprotec_compact:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "24E3447F-6F7D-40B0-9D48-68C07FFA133B"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]