CVE-2018-16563

🗓️ 21 Mar 2019 14:57:36Reported by siemensType

Vulnerability in multiple firmware variants for EN100 Ethernet module and SIPROTEC 5 relays causing denial-of-service condition

Reporter	Title	Published	Views	Family All 8
Cvelist	CVE-2018-16563	21 Mar 201914:57	–	cvelist
EUVD	EUVD-2018-8370	7 Oct 202500:30	–	euvd
ICS	ICSA-19-043-02 Siemens EN100 Ethernet Communication Module and SIPROTEC 5 Relays	12 Feb 201900:00	–	ics
NVD	CVE-2018-16563	21 Mar 201916:00	–	nvd
Tenable Nessus	Siemens Siprotec Unspecified Vulnerability	8 Nov 201900:00	–	nessus
Tenable Nessus	Siemens EN100 Ethernet Communication Module and SIPROTEC 5 Relays Improper Input Validation (CVE-2018-16563)	7 Feb 202200:00	–	nessus
Prion	Design/Logic Flaw	21 Mar 201916:00	–	prion
ThreatPost	Siemens Warns of Critical Remote-Code Execution ICS Flaw	12 Feb 201922:59	–	threatpost

NVD

Node

siemens siprotec_5_with_cpu_variant_cp100Range<7.82

siemens siprotec_5_with_cpu_variant_cp200Range<7.58

siemens siprotec_5_with_cpu_variant_cp300Range<7.82

AND

siemens 6md85Match-

siemens 6md86Match-

siemens 7ke85Match-

siemens 7sa82Match-

siemens 7sa86Match-

siemens 7sa87Match-

siemens 7sd82Match-

siemens 7sd86Match-

siemens 7sd87Match-

siemens 7sj82Match-

siemens 7sj85Match-

siemens 7sj86Match-

siemens 7sk82Match-

siemens 7sk85Match-

siemens 7sl82Match-

siemens 7sl86Match-

siemens 7sl87Match-

siemens 7ss85Match-

siemens 7um85Match-

siemens 7ut82Match-

siemens 7ut85Match-

siemens 7ut86Match-

siemens 7ut87Match-

siemens 7vk87Match-

Node

siemens en100_ethernet_module_firmwareMatch-

siemens en100_ethernet_module_with_firmware_variant_dnp3_tcpMatch-

siemens en100_ethernet_module_with_firmware_variant_iec_61850Match4.35

siemens en100_ethernet_module_with_firmware_variant_iec104Match-

siemens en100_ethernet_module_with_firmware_variant_modbus_tcpMatch-

siemens en100_ethernet_module_with_firmware_variant_profinet_ioMatch-

AND

siemens en100_ethernet_moduleMatch-

[
  {
    "product": "Firmware variant IEC 61850 for EN100 Ethernet module",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V4.35"
      }
    ]
  },
  {
    "product": "Firmware variant MODBUS TCP for EN100 Ethernet module",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "Firmware variant DNP3 TCP for EN100 Ethernet module",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "Firmware variant IEC104 for EN100 Ethernet module",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "Firmware variant Profinet IO for EN100 Ethernet module",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 relays with CPU variants CP300 and CP100 and the respective Ethernet communication modules",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V7.82"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V7.58"
      }
    ]
  }
]

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-104088.pdf

21 Nov 2024 03:52Current

5.5Medium risk

Vulners AI Score5.5

CVSS 24.3

CVSS 35.9

EPSS0.00491