CVE-2018-16563

Summary

CVE	CVE-2018-16563
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-03-21 16:00:00 UTC
Updated	2019-10-03 00:03:00 UTC
Description	A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.35), Firmware variant MODBUS TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions), Firmware variant Profinet IO for EN100 Ethernet module (All versions), SIPROTEC 5 relays with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.82), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.58). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the affected products. A manual restart is required to recover the EN100 module functionality of the affected devices. Successful exploitation requires an attacker with network access to send multiple packets to the affected products or modules. As a precondition the IEC 61850-MMS communication needs to be activated on the affected products or modules. No user interaction or privileges are required to exploit the vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Risk And Classification

Problem Types: NVD-CWE-noinfo

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Siemens	6md85	-	All	All	All
Hardware	Siemens	6md85	-	All	All	All
Hardware	Siemens	6md86	-	All	All	All
Hardware	Siemens	6md86	-	All	All	All
Hardware	Siemens	7ke85	-	All	All	All
Hardware	Siemens	7ke85	-	All	All	All
Hardware	Siemens	7sa82	-	All	All	All
Hardware	Siemens	7sa82	-	All	All	All
Hardware	Siemens	7sa86	-	All	All	All
Hardware	Siemens	7sa86	-	All	All	All
Hardware	Siemens	7sa87	-	All	All	All
Hardware	Siemens	7sa87	-	All	All	All
Hardware	Siemens	7sd82	-	All	All	All
Hardware	Siemens	7sd82	-	All	All	All
Hardware	Siemens	7sd86	-	All	All	All
Hardware	Siemens	7sd86	-	All	All	All
Hardware	Siemens	7sd87	-	All	All	All
Hardware	Siemens	7sd87	-	All	All	All
Hardware	Siemens	7sj82	-	All	All	All
Hardware	Siemens	7sj82	-	All	All	All
Hardware	Siemens	7sj85	-	All	All	All
Hardware	Siemens	7sj85	-	All	All	All
Hardware	Siemens	7sj86	-	All	All	All
Hardware	Siemens	7sj86	-	All	All	All
Hardware	Siemens	7sk82	-	All	All	All
Hardware	Siemens	7sk82	-	All	All	All
Hardware	Siemens	7sk85	-	All	All	All
Hardware	Siemens	7sk85	-	All	All	All
Hardware	Siemens	7sl82	-	All	All	All
Hardware	Siemens	7sl82	-	All	All	All
Hardware	Siemens	7sl86	-	All	All	All
Hardware	Siemens	7sl86	-	All	All	All
Hardware	Siemens	7sl87	-	All	All	All
Hardware	Siemens	7sl87	-	All	All	All
Hardware	Siemens	7ss85	-	All	All	All
Hardware	Siemens	7ss85	-	All	All	All
Hardware	Siemens	7um85	-	All	All	All
Hardware	Siemens	7um85	-	All	All	All
Hardware	Siemens	7ut82	-	All	All	All
Hardware	Siemens	7ut82	-	All	All	All
Hardware	Siemens	7ut85	-	All	All	All
Hardware	Siemens	7ut85	-	All	All	All
Hardware	Siemens	7ut86	-	All	All	All
Hardware	Siemens	7ut86	-	All	All	All
Hardware	Siemens	7ut87	-	All	All	All
Hardware	Siemens	7ut87	-	All	All	All
Hardware	Siemens	7vk87	-	All	All	All
Hardware	Siemens	7vk87	-	All	All	All
Hardware	Siemens	En100 Ethernet Module	-	All	All	All
Hardware	Siemens	En100 Ethernet Module	-	All	All	All
Operating System	Siemens	En100 Ethernet Module Firmware	-	All	All	All
Operating System	Siemens	En100 Ethernet Module Firmware	-	All	All	All
Operating System	Siemens	En100 Ethernet Module With Firmware Variant Dnp3 Tcp	-	All	All	All
Operating System	Siemens	En100 Ethernet Module With Firmware Variant Dnp3 Tcp	-	All	All	All
Operating System	Siemens	En100 Ethernet Module With Firmware Variant Iec104	-	All	All	All
Operating System	Siemens	En100 Ethernet Module With Firmware Variant Iec104	-	All	All	All
Operating System	Siemens	En100 Ethernet Module With Firmware Variant Iec 61850	4.35	All	All	All
Operating System	Siemens	En100 Ethernet Module With Firmware Variant Iec 61850	4.35	All	All	All
Operating System	Siemens	En100 Ethernet Module With Firmware Variant Modbus Tcp	-	All	All	All
Operating System	Siemens	En100 Ethernet Module With Firmware Variant Modbus Tcp	-	All	All	All
Operating System	Siemens	En100 Ethernet Module With Firmware Variant Profinet Io	-	All	All	All
Operating System	Siemens	En100 Ethernet Module With Firmware Variant Profinet Io	-	All	All	All
Operating System	Siemens	Siprotec 5 With Cpu Variant Cp100	All	All	All	All
Operating System	Siemens	Siprotec 5 With Cpu Variant Cp100	All	All	All	All
Operating System	Siemens	Siprotec 5 With Cpu Variant Cp200	All	All	All	All
Operating System	Siemens	Siprotec 5 With Cpu Variant Cp200	All	All	All	All
Operating System	Siemens	Siprotec 5 With Cpu Variant Cp300	All	All	All	All
Operating System	Siemens	Siprotec 5 With Cpu Variant Cp300	All	All	All	All

References

Reference	Source	Link	Tags
cert-portal.siemens.com/productcert/pdf/ssa-104088.pdf	CONFIRM	cert-portal.siemens.com	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

591417 Siemens EN100 Ethernet Communication Module and SIPROTEC 5 Relays Denial of Service (DoS) Vulnerabilities (SSA-104088)