Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for EN100 Ethernet module IEC 104 variant by Siemens AG

    CVE-2018-4838 (GCVE-0-2018-4838)

    Vulnerability from nvd – Published: 2018-03-08 17:00 – Updated: 2024-08-05 05:18
    VLAI
    Summary
    A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions < V1.22). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.
    Severity
    No CVSS data available.
    CWE
    • Other
    Assigner
    References
    Date Public
    2018-03-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:18:26.631Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf"
              },
              {
                "name": "103379",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/bid/103379"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EN100 Ethernet module IEC 61850 variant",
              "vendor": "Siemens AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V4.30"
                }
              ]
            },
            {
              "product": "EN100 Ethernet module DNP3 variant",
              "vendor": "Siemens AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V1.04"
                }
              ]
            },
            {
              "product": "EN100 Ethernet module PROFINET IO variant",
              "vendor": "Siemens AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "EN100 Ethernet module Modbus TCP variant",
              "vendor": "Siemens AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "EN100 Ethernet module IEC 104 variant",
              "vendor": "Siemens AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V1.22"
                }
              ]
            }
          ],
          "datePublic": "2018-03-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions \u003c V4.30), EN100 Ethernet module DNP3 variant (All versions \u003c V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions \u003c V1.22). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Other",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-22T16:56:34.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf"
            },
            {
              "name": "103379",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "https://www.securityfocus.com/bid/103379"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productcert@siemens.com",
              "ID": "CVE-2018-4838",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EN100 Ethernet module IEC 61850 variant",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V4.30"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens AG"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EN100 Ethernet module DNP3 variant",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V1.04"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens AG"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EN100 Ethernet module PROFINET IO variant",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens AG"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EN100 Ethernet module Modbus TCP variant",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens AG"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EN100 Ethernet module IEC 104 variant",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V1.22"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens AG"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions \u003c V4.30), EN100 Ethernet module DNP3 variant (All versions \u003c V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions \u003c V1.22). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Other"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf"
                },
                {
                  "name": "103379",
                  "refsource": "BID",
                  "url": "https://www.securityfocus.com/bid/103379"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2018-4838",
        "datePublished": "2018-03-08T17:00:00.000Z",
        "dateReserved": "2018-01-02T00:00:00.000Z",
        "dateUpdated": "2024-08-05T05:18:26.631Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-4838 (GCVE-0-2018-4838)

    Vulnerability from cvelistv5 – Published: 2018-03-08 17:00 – Updated: 2024-08-05 05:18
    VLAI
    Summary
    A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions < V1.22). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.
    Severity
    No CVSS data available.
    CWE
    • Other
    Assigner
    References
    Date Public
    2018-03-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:18:26.631Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf"
              },
              {
                "name": "103379",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "https://www.securityfocus.com/bid/103379"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "EN100 Ethernet module IEC 61850 variant",
              "vendor": "Siemens AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V4.30"
                }
              ]
            },
            {
              "product": "EN100 Ethernet module DNP3 variant",
              "vendor": "Siemens AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V1.04"
                }
              ]
            },
            {
              "product": "EN100 Ethernet module PROFINET IO variant",
              "vendor": "Siemens AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "EN100 Ethernet module Modbus TCP variant",
              "vendor": "Siemens AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions"
                }
              ]
            },
            {
              "product": "EN100 Ethernet module IEC 104 variant",
              "vendor": "Siemens AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V1.22"
                }
              ]
            }
          ],
          "datePublic": "2018-03-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions \u003c V4.30), EN100 Ethernet module DNP3 variant (All versions \u003c V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions \u003c V1.22). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Other",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-22T16:56:34.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf"
            },
            {
              "name": "103379",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "https://www.securityfocus.com/bid/103379"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productcert@siemens.com",
              "ID": "CVE-2018-4838",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EN100 Ethernet module IEC 61850 variant",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V4.30"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens AG"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EN100 Ethernet module DNP3 variant",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V1.04"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens AG"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EN100 Ethernet module PROFINET IO variant",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens AG"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EN100 Ethernet module Modbus TCP variant",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens AG"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "EN100 Ethernet module IEC 104 variant",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V1.22"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens AG"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions \u003c V4.30), EN100 Ethernet module DNP3 variant (All versions \u003c V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions \u003c V1.22). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Other"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf"
                },
                {
                  "name": "103379",
                  "refsource": "BID",
                  "url": "https://www.securityfocus.com/bid/103379"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2018-4838",
        "datePublished": "2018-03-08T17:00:00.000Z",
        "dateReserved": "2018-01-02T00:00:00.000Z",
        "dateUpdated": "2024-08-05T05:18:26.631Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }