Lucene search

CVE-2018-11452

🗓️ 23 Jul 2018 21:00:29Reported by siemensType

A denial-of-service vulnerability in EN100 Ethernet module due to specially crafted packets

Reporter	Title	Published	Views	Family All 9
Tenable Nessus	Siemens Dnp3 Improper Input Validation	8 Nov 201900:00	–	nessus
Tenable Nessus	Siemens (CVE-2018-11452) (deprecated)	1 Mar 202300:00	–	nessus
Cvelist	CVE-2018-11452	23 Jul 201821:00	–	cvelist
Prion	Design/Logic Flaw	23 Jul 201821:29	–	prion
NVD	CVE-2018-11452	23 Jul 201821:29	–	nvd
F5 Networks	K45062506 : Siemens Ethernet card DoS vulnerabilities CVE-2018-11451 and CVE-2018-11452	4 Sep 201800:00	–	f5
ICS	ICSA-19-038-02 Siemens EN100 Ethernet Module	8 Jan 201900:00	–	ics
ICS	ICSA-18-347-02 Siemens EN100 Ethernet Communication Module and SIPROTEC 5 Relays (Update A)	11 Jul 201800:00	–	ics
ThreatPost	Siemens Warns of Critical Remote-Code Execution ICS Flaw	12 Feb 201922:59	–	threatpost

Nvd

Node

siemens dnp3_tcp_firmwareMatch-

siemens iec_61850_firmwareRange<4.33

siemens iec104_firmwareMatch-

siemens modbus_tcp_firmwareMatch-

siemens profinet_io_firmwareMatch-

AND

siemens en100Match-

Node

siemens cp100_firmwareRange<7.80

siemens cp200_firmwareMatch-

siemens cp300_firmwareRange<7.80

AND

siemens 6md85Match-

siemens 6md86Match-

siemens 7ke85Match-

siemens 7sa82Match-

siemens 7sa86Match-

siemens 7sa87Match-

siemens 7sd82Match-

siemens 7sd86Match-

siemens 7sd87Match-

siemens 7sj82Match-

siemens 7sj85Match-

siemens 7sj86Match-

siemens 7sk82Match-

siemens 7sk85Match-

siemens 7sl82Match-

siemens 7sl86Match-

siemens 7sl87Match-

siemens 7ss85Match-

siemens 7um85Match-

siemens 7ut82Match-

siemens 7ut85Match-

siemens 7ut86Match-

siemens 7ut87Match-

siemens 7vk87Match-

[
  {
    "product": "Firmware variant IEC 61850 for EN100 Ethernet module",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V4.33"
      }
    ]
  },
  {
    "product": "Firmware variant PROFINET IO for EN100 Ethernet module",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "Firmware variant Modbus TCP for EN100 Ethernet module",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "Firmware variant DNP3 TCP for EN100 Ethernet module",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "Firmware variant IEC104 for EN100 Ethernet module",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V1.22"
      }
    ]
  }
]

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-325546.pdf
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-635129.pdf
securityfocus	www.securityfocus.com/bid/106221

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

23 Jul 2018 21:29Current

7.2High risk

Vulners AI Score7.2

CVSS27.8

CVSS37.5

EPSS0.00302

CWE-20