CVE-2016-4785
Published on: 05/30/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:26:58 PM UTC
Certain versions of Siprotec 4 En100 from Siemens contain the following vulnerability:
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. The integrated web server (port 80/tcp) of the affected devices could allow remote attackers to obtain a limited amount of device memory content if network access was obtained. This vulnerability only affects EN100 Ethernet module included in SIPROTEC4 and SIPROTEC Compact devices.
- CVE-2016-4785 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 5.3 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|
---|---|---|---|---|
NETWORK | LOW | NONE | NONE | |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
|
UNCHANGED | LOW | NONE | NONE |
CVSS2 Score: 5 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | LOW | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
PARTIAL | NONE | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Multiple Siemens SIPROTEC Products ICSA-16-140-02 Information Disclosure Vulnerabilities | cve.report (archive) text/html |
![]() |
Siemens EN100 Ethernet Modules for Reyrolle ICSA-17-187-02 Multiple Security Vulnerabilities | cve.report (archive) text/html |
![]() |
Siemens | www.siemens.com application/pdf |
![]() |
Siemens SIPROTEC 4 and SIPROTEC Compact (Update F) | CISA | ics-cert.us-cert.gov text/html |
![]() |
Siemens SIPROTEC Information Disclosure Vulnerabilities (Update A) | ICS-CERT | Third Party Advisory US Government Resource ics-cert.us-cert.gov text/html |
![]() |
Siemens | Vendor Advisory www.siemens.com application/pdf |
![]() |
Known Affected Configurations (CPE V2.3)
- cpe:2.3:h:siemens:siprotec_4_en100:-:*:*:*:*:*:*:*:
- cpe:2.3:h:siemens:siprotec_4_en100:-:*:*:*:*:*:*:*:
- cpe:2.3:h:siemens:siprotec_compact_model:-:*:*:*:*:*:*:*:
- cpe:2.3:h:siemens:siprotec_compact_model:-:*:*:*:*:*:*:*:
- cpe:2.3:h:siemens:siprotec_compact_model_7rw80:-:*:*:*:*:*:*:*:
- cpe:2.3:h:siemens:siprotec_compact_model_7rw80:-:*:*:*:*:*:*:*:
- cpe:2.3:h:siemens:siprotec_compact_model_7sd80:-:*:*:*:*:*:*:*:
- cpe:2.3:h:siemens:siprotec_compact_model_7sd80:-:*:*:*:*:*:*:*:
- cpe:2.3:h:siemens:siprotec_compact_model_7sj80:-:*:*:*:*:*:*:*:
- cpe:2.3:h:siemens:siprotec_compact_model_7sj80:-:*:*:*:*:*:*:*:
- cpe:2.3:h:siemens:siprotec_compact_model_7sj81:-:*:*:*:*:*:*:*:
- cpe:2.3:h:siemens:siprotec_compact_model_7sj81:-:*:*:*:*:*:*:*:
- cpe:2.3:h:siemens:siprotec_compact_model_7sk80:-:*:*:*:*:*:*:*:
- cpe:2.3:h:siemens:siprotec_compact_model_7sk80:-:*:*:*:*:*:*:*:
- cpe:2.3:h:siemens:siprotec_compact_model_7sk81:-:*:*:*:*:*:*:*:
- cpe:2.3:h:siemens:siprotec_compact_model_7sk81:-:*:*:*:*:*:*:*:
- cpe:2.3:o:siemens:siprotec_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:o:siemens:siprotec_firmware:4.26:*:*:*:*:*:*:*:
- cpe:2.3:o:siemens:siprotec_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:o:siemens:siprotec_firmware:4.26:*:*:*:*:*:*:*: