Siemens EN100 Ethernet Communication Module Multiple Denial of Service Vulnerabilities
BID:106221
CVE-2018-11451 | CVE-2018-11452 |Info
Siemens EN100 Ethernet Communication Module Multiple Denial of Service Vulnerabilities
| Bugtraq ID: | 106221 |
| Class: | Design Error |
| CVE: |
CVE-2018-11451 CVE-2018-11452 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 11 2018 12:00AM |
| Updated: | Feb 11 2019 07:00AM |
| Credit: | Victor Nikitin, Vladislav Suchkov, and Ilya Karpov from ScadaX |
| Vulnerable: |
Siemens SIPROTEC 5 0 Siemens PROFINET IO for EN100 0 Siemens Modbus TCP for EN100 0 Siemens IEC104 for EN100 0 Siemens IEC 61850 for EN100 0 |
| Not Vulnerable: |
Siemens SIPROTEC 5 CP300 7.80 Siemens SIPROTEC 5 CP200 7.58 Siemens SIPROTEC 5 CP100 7.80 Siemens IEC 61850 for EN100 4.33 |
Discussion
Siemens EN100 Ethernet Communication Module Multiple Denial of Service Vulnerabilities
Siemens EN100 Ethernet Communication module and Communication are prone to multiple denial-of-service vulnerabilities.
Attackers can exploit these issues to crash the affected application or consume excess memory, denying service to legitimate users.
Following products are vulnerable:
SIPROTEC 5 relays with CPU variants CP300 and CP100 prior to 7.80
SIPROTEC 5 relays with CPU variants CP200 prior to 7.5Firmware variant IEC 61850 for EN100 Ethernet module prior to 4.33Firmware variant PROFINET IO for EN100 Ethernet module, all versionsFirmware variant Modbus TCP for EN100 Ethernet module, all versions
Firmware variant DNP3 TCP for EN100 Ethernet module, all versions
Firmware variant IEC104 for EN100 Ethernet module, all versions
Siemens EN100 Ethernet Communication module and Communication are prone to multiple denial-of-service vulnerabilities.
Attackers can exploit these issues to crash the affected application or consume excess memory, denying service to legitimate users.
Following products are vulnerable:
SIPROTEC 5 relays with CPU variants CP300 and CP100 prior to 7.80
SIPROTEC 5 relays with CPU variants CP200 prior to 7.5Firmware variant IEC 61850 for EN100 Ethernet module prior to 4.33Firmware variant PROFINET IO for EN100 Ethernet module, all versionsFirmware variant Modbus TCP for EN100 Ethernet module, all versions
Firmware variant DNP3 TCP for EN100 Ethernet module, all versions
Firmware variant IEC104 for EN100 Ethernet module, all versions
Exploit / POC
Siemens EN100 Ethernet Communication Module Multiple Denial of Service Vulnerabilities
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Siemens EN100 Ethernet Communication Module Multiple Denial of Service Vulnerabilities
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Note: Siemens has released updates for several products and recommends specific workarounds and mitigation techniques until fixes are available.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Note: Siemens has released updates for several products and recommends specific workarounds and mitigation techniques until fixes are available.
References
Siemens EN100 Ethernet Communication Module Multiple Denial of Service Vulnerabilities
References:
References: