CVE-2016-4784

{"id": "CVE-2016-4784", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2016-05-31T01:59:12.993", "references": [{"url": "http://www.securityfocus.com/bid/90773", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/99471", "source": "cve@mitre.org"}, {"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-547990.pdf", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-140-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-187-03", "source": "cve@mitre.org"}, {"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-323211.pdf", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02; SIPROTEC 7SJ686 : All versions < V 4.83; SIPROTEC 7UT686 : All versions < V 4.01; SIPROTEC 7SD686 : All versions < V 4.03; SIPROTEC 7SJ66 : All versions < V 4.20. The integrated web server (port 80/tcp) of the affected devices could allow remote attackers to obtain sensitive device information if network access was obtained."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en la variante de Firmware PROFINET IO para los m\u00f3dulos EN100 Ethernet: en todas las versiones anteriores a V1.04.01; la variante de Firmware Modbus TCP para los m\u00f3dulos EN100 Ethernet: en todas las versiones anteriores a V1.11.00; la variante de Firmware v TCP para los m\u00f3dulos EN100 Ethernet: en todas las versiones anteriores a V1.03; la variante de Firmware IEC 104 para los m\u00f3dulos EN100 Ethernet: en todas las versiones anteriores a V1.21 y el m\u00f3dulo EN100 Ethernet incluido en SIPROTEC Merging Unit 6MU80: todas las versiones anteriores a la 1.02.02; SIPROTEC 7SJ686: todas las versiones anteriores a la V 4.83; SIPROTEC 7UT686: todas las versiones anteriores a la V 4.01; SIPROTEC 7SD686: todas las versiones anteriores a la V 4.03 y SIPROTEC 7SJ66: todas las versiones anteriores a la V 4.20. El servidor web integrado (puerto 80/tcp) de los dispositivos afectados podr\u00eda permitir que los atacantes remotos obtengan informaci\u00f3n sensible del dispositivo si obtienen acceso de red."}], "lastModified": "2018-03-23T01:29:00.633", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siprotec_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6A83974-66CD-409D-A309-568578F44A69"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siprotec_compact_model_7rw80:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2883847C-7500-4431-8EB9-0B7B4DABC4FD"}, {"criteria": "cpe:2.3:h:siemens:siprotec_compact_model_7sd80:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "72C34F7E-F579-4830-A5E9-F61F71142153"}, {"criteria": "cpe:2.3:h:siemens:siprotec_compact_model_7sj80:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BF126B3F-B400-43B1-AC08-9458055B7449"}, {"criteria": "cpe:2.3:h:siemens:siprotec_compact_model_7sj81:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "73E3AAB3-A15B-4159-B7A2-EA70D216B620"}, {"criteria": "cpe:2.3:h:siemens:siprotec_compact_model_7sk80:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EA7F273D-9E60-45AB-9BBD-434D45FA0608"}, {"criteria": "cpe:2.3:h:siemens:siprotec_compact_model_7sk81:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "411C805A-16C5-4430-8F23-2D5E4D5A423E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:siprotec_4_en100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9D3FF8F1-73E6-4F1E-8222-E9191D6A764E"}, {"criteria": "cpe:2.3:h:siemens:siprotec_compact_model_en100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D7CE743D-D5A1-4E58-A8C8-1DC755286B54"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:siprotec_firmware:4.26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DB48800-BDF6-4BF9-8383-39693568CF67"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}