← Back

CVE-2018-4839

nvd nist
Published: Mar 8, 2018Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.6 / Impact: 3.6
Source: NVD

Description

A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions < V4.70), SIPROTEC 4 7SJ61 (All versions < V4.96), SIPROTEC 4 7SJ62 (All versions < V4.96), SIPROTEC 4 7SJ64 (All versions < V4.96), SIPROTEC 4 7SJ66 (All versions < V4.30), SIPROTEC Compact 7SJ80 (All versions < V4.77), SIPROTEC Compact 7SK80 (All versions < V4.77). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords.

Affected (9)

Siemens
9 products
Siprotec Compact 7sj80 Firmware
Siprotec Compact 7sk80 Firmware
Siprotec 4 7sj66 Firmware
Digsi 4
En100 Ethernet Module Iec 104 Firmware
En100 Ethernet Module Dnp3 Firmware
En100 Ethernet Module Modbus Tcp Firmware
En100 Ethernet Module Profinet Io Firmware
En100 Ethernet Module Iec 61850 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Siprotec Compact 7sj80 Firmware
Before 4.77
Running on/withPlatform Versions
Siemens
Siprotec Compact 7sj80
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Siprotec Compact 7sk80 Firmware
Before 4.77
Running on/withPlatform Versions
Siemens
Siprotec Compact 7sk80
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Siprotec 4 7sj66 Firmware
Before 4.30
Running on/withPlatform Versions
Siemens
Siprotec 4 7sj66
All versions
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
Digsi 4
Before 4.92
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
En100 Ethernet Module Iec 104 Firmware
All versions
Running on/withPlatform Versions
Siemens
En100 Ethernet Module Iec 104
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
En100 Ethernet Module Dnp3 Firmware
All versions
Running on/withPlatform Versions
Siemens
En100 Ethernet Module Dnp3
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
En100 Ethernet Module Modbus Tcp Firmware
All versions
Running on/withPlatform Versions
Siemens
En100 Ethernet Module Modbus Tcp
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
En100 Ethernet Module Profinet Io Firmware
All versions
Running on/withPlatform Versions
Siemens
En100 Ethernet Module Profinet Io
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
En100 Ethernet Module Iec 61850 Firmware
Before 4.30
Running on/withPlatform Versions
Siemens
En100 Ethernet Module Iec 61850
All versions

Related CWEs

CWE-326
Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References (3)

Source: productcert@siemens.com
PatchVendor Advisory
Source: nvd@nist.gov
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.