CVE-2018-11452

A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.33), Firmware variant PROFINET IO for EN100 Ethernet module (All versions), Firmware variant Modbus TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions < V1.22). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the EN100 communication module if oscillographs are running. A manual restart is required to recover the EN100 module functionality. Successful exploitation requires an attacker with network access to send multiple packets to the EN100 module. As a precondition the IEC 61850-MMS communication needs to be activated on the affected EN100 modules. No user interaction or privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS v3 7.5 HIGH
CVSS v2.0 7.8 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-325546.pdf	Mitigation Patch Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-635129.pdf	Mitigation Patch Vendor Advisory
https://www.securityfocus.com/bid/106221

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:siemens:dnp3_tcp_firmware:-:::::::*
	cpe:2.3:o:siemens:iec_61850_firmware::::::::
	cpe:2.3:o:siemens:iec104_firmware:-:::::::*
	cpe:2.3:o:siemens:modbus_tcp_firmware:-:::::::*
	cpe:2.3:o:siemens:profinet_io_firmware:-:::::::*

cpe:2.3:h:siemens:en100:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:siemens:cp100_firmware::::::::
	cpe:2.3:o:siemens:cp200_firmware:-:::::::*
	cpe:2.3:o:siemens:cp300_firmware::::::::

OR	cpe:2.3:h:siemens:6md85:-:::::::*
	cpe:2.3:h:siemens:6md86:-:::::::*
	cpe:2.3:h:siemens:7ke85:-:::::::*
	cpe:2.3:h:siemens:7sa82:-:::::::*
	cpe:2.3:h:siemens:7sa86:-:::::::*
	cpe:2.3:h:siemens:7sa87:-:::::::*
	cpe:2.3:h:siemens:7sd82:-:::::::*
	cpe:2.3:h:siemens:7sd86:-:::::::*
	cpe:2.3:h:siemens:7sd87:-:::::::*
	cpe:2.3:h:siemens:7sj82:-:::::::*
	cpe:2.3:h:siemens:7sj85:-:::::::*
	cpe:2.3:h:siemens:7sj86:-:::::::*
	cpe:2.3:h:siemens:7sk82:-:::::::*
	cpe:2.3:h:siemens:7sk85:-:::::::*
	cpe:2.3:h:siemens:7sl82:-:::::::*
	cpe:2.3:h:siemens:7sl86:-:::::::*
	cpe:2.3:h:siemens:7sl87:-:::::::*
	cpe:2.3:h:siemens:7ss85:-:::::::*
	cpe:2.3:h:siemens:7um85:-:::::::*
	cpe:2.3:h:siemens:7ut82:-:::::::*
	cpe:2.3:h:siemens:7ut85:-:::::::*
	cpe:2.3:h:siemens:7ut86:-:::::::*
	cpe:2.3:h:siemens:7ut87:-:::::::*
	cpe:2.3:h:siemens:7vk87:-:::::::*

History

No history.

Information

Published : 2018-07-23 21:29

Updated : 2024-02-04 20:03

NVD link : CVE-2018-11452

Mitre link : CVE-2018-11452

CVE.ORG link : CVE-2018-11452

JSON object : View

Products Affected

siemens

dnp3_tcp_firmware
7sa86
iec_61850_firmware
7ut86
7vk87
7ut85
7sj86
7sa87
cp200_firmware
cp300_firmware
en100
7sk85
7sk82
cp100_firmware
7ke85
profinet_io_firmware
iec104_firmware
7sj82
7sa82
7sj85
7sl82
7ut82
7sd86
7um85
6md86
6md85
7ss85
modbus_tcp_firmware
7sl86
7ut87
7sd87
7sl87
7sd82

CWE

CWE-20

Improper Input Validation

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2018-11452

7.5^/10

7.8^/10

Attach tags to `CVE-2018-11452`