← Back

CVE-2016-4784

nvd nist
Published: May 31, 2016Modified: May 6, 2026

JSON object

Loading...
5.3
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

A vulnerability has been identified in firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02; SIPROTEC 7SJ686 : All versions < V 4.83; SIPROTEC 7UT686 : All versions < V 4.01; SIPROTEC 7SD686 : All versions < V 4.03; SIPROTEC 7SJ66 : All versions < V 4.20. The integrated web server (port 80/tcp) of the affected devices could allow remote attackers to obtain sensitive device information if network access was obtained.

Affected (2)

Siemens
1 product
Siprotec Firmware
Configuration A
1 vulnerable · 6 platform
Vulnerable SoftwareAffected Versions
Siprotec Firmware
All versions
Running on/withPlatform Versions
Siemens
Siprotec Compact Model 7rw80
All versions
Siemens
Siprotec Compact Model 7sd80
All versions
Siemens
Siprotec Compact Model 7sj80
All versions
Siemens
Siprotec Compact Model 7sj81
All versions
Siemens
Siprotec Compact Model 7sk80
All versions
Siemens
Siprotec Compact Model 7sk81
All versions
Configuration B
1 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Siprotec Firmware
Version 4.26
Running on/withPlatform Versions
Siemens
Siprotec 4 En100
All versions
Siemens
Siprotec Compact Model En100
All versions

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (12)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Third Party AdvisoryUS Government Resource
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.