CVE-2018-4838

Published Mar 8, 2018

Last updated 3 days ago

CVSS high 7.5

Overview

Description: A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions < V1.22). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.
Source: productcert@siemens.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-306

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:en100_ethernet_module_iec_104_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "300FAA93-3BBB-4848-AFA5-97DE57053E5E"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:en100_ethernet_module_iec_104:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "75FDB347-4ED5-4A36-A9CA-B2A461A92572"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:en100_ethernet_module_dnp3_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15E8060A-2897-4E2E-9441-5687D923C642"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:en100_ethernet_module_dnp3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6E733162-1D6E-4CF7-9CB2-007C8CA8B6B4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:en100_ethernet_module_modbus_tcp_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71DCD4E3-9BA4-44CE-BFCC-6659258FCE31"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:en100_ethernet_module_modbus_tcp:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "48118739-31B9-4600-8856-D7E9870479E7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:en100_ethernet_module_profinet_io_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C2FA062-EBFE-457F-988E-60A9317212A4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:en100_ethernet_module_profinet_io:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "11199473-60BF-42AB-B6F0-BEF9663C67B7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:en100_ethernet_module_iec_61850_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42ABCFB1-0D86-47DB-8257-370B70E1C969",
            "versionEndExcluding": "4.30"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:en100_ethernet_module_iec_61850:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3C5EC8F7-6CD2-461B-9D06-2D9F4D083A98"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References