Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveSiemensCVE-2018-16563
HistoryMar 21, 2019 - 4:00 p.m.

CVE-2018-16563

2019-03-2116:00:22
siemens
web.nvd.nist.gov
38
cve-2018-16563
firmware variant
iec 61850
modbus tcp
dnp3 tcp
iec104
profinet io
siprotec 5
denial-of-service
network security
vulnerability
nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

42.5%

JSON

A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.35), Firmware variant MODBUS TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions), Firmware variant Profinet IO for EN100 Ethernet module (All versions), SIPROTEC 5 relays with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.82), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.58). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the affected products. A manual restart is required to recover the EN100 module functionality of the affected devices. Successful exploitation requires an attacker with network access to send multiple packets to the affected products or modules. As a precondition the IEC 61850-MMS communication needs to be activated on the affected products or modules. No user interaction or privileges are required to exploit the vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Affected configurations

Nvd
Node
siemenssiprotec_5_with_cpu_variant_cp100Range<7.82
OR
siemenssiprotec_5_with_cpu_variant_cp200Range<7.58
OR
siemenssiprotec_5_with_cpu_variant_cp300Range<7.82
AND
siemens6md85Match-
OR
siemens6md86Match-
OR
siemens7ke85Match-
OR
siemens7sa82Match-
OR
siemens7sa86Match-
OR
siemens7sa87Match-
OR
siemens7sd82Match-
OR
siemens7sd86Match-
OR
siemens7sd87Match-
OR
siemens7sj82Match-
OR
siemens7sj85Match-
OR
siemens7sj86Match-
OR
siemens7sk82Match-
OR
siemens7sk85Match-
OR
siemens7sl82Match-
OR
siemens7sl86Match-
OR
siemens7sl87Match-
OR
siemens7ss85Match-
OR
siemens7um85Match-
OR
siemens7ut82Match-
OR
siemens7ut85Match-
OR
siemens7ut86Match-
OR
siemens7ut87Match-
OR
siemens7vk87Match-
Node
siemensen100_ethernet_module_firmwareMatch-
OR
siemensen100_ethernet_module_with_firmware_variant_dnp3_tcpMatch-
OR
siemensen100_ethernet_module_with_firmware_variant_iec_61850Match4.35
OR
siemensen100_ethernet_module_with_firmware_variant_iec104Match-
OR
siemensen100_ethernet_module_with_firmware_variant_modbus_tcpMatch-
OR
siemensen100_ethernet_module_with_firmware_variant_profinet_ioMatch-
AND
siemensen100_ethernet_moduleMatch-
VendorProductVersionCPE
siemenssiprotec_5_with_cpu_variant_cp100*cpe:2.3:o:siemens:siprotec_5_with_cpu_variant_cp100:*:*:*:*:*:*:*:*
siemenssiprotec_5_with_cpu_variant_cp200*cpe:2.3:o:siemens:siprotec_5_with_cpu_variant_cp200:*:*:*:*:*:*:*:*
siemenssiprotec_5_with_cpu_variant_cp300*cpe:2.3:o:siemens:siprotec_5_with_cpu_variant_cp300:*:*:*:*:*:*:*:*
siemens6md85-cpe:2.3:h:siemens:6md85:-:*:*:*:*:*:*:*
siemens6md86-cpe:2.3:h:siemens:6md86:-:*:*:*:*:*:*:*
siemens7ke85-cpe:2.3:h:siemens:7ke85:-:*:*:*:*:*:*:*
siemens7sa82-cpe:2.3:h:siemens:7sa82:-:*:*:*:*:*:*:*
siemens7sa86-cpe:2.3:h:siemens:7sa86:-:*:*:*:*:*:*:*
siemens7sa87-cpe:2.3:h:siemens:7sa87:-:*:*:*:*:*:*:*
siemens7sd82-cpe:2.3:h:siemens:7sd82:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 341

CNA Affected

[
  {
    "product": "Firmware variant IEC 61850 for EN100 Ethernet module",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V4.35"
      }
    ]
  },
  {
    "product": "Firmware variant MODBUS TCP for EN100 Ethernet module",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "Firmware variant DNP3 TCP for EN100 Ethernet module",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "Firmware variant IEC104 for EN100 Ethernet module",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "Firmware variant Profinet IO for EN100 Ethernet module",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 relays with CPU variants CP300 and CP100 and the respective Ethernet communication modules",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V7.82"
      }
    ]
  },
  {
    "product": "SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V7.58"
      }
    ]
  }
]

Related

nessus 2
cvelist 1
prion 1
ics 1
nvd 1
threatpost 1
nessus
nessus
Siemens Siprotec Unspecified Vulnerability
2019-11-08 00:00:00
Siemens EN100 Ethernet Communication Module and SIPROTEC 5 Relays Improper Input Validation (CVE-2018-16563)
2022-02-07 00:00:00
cvelist
cvelist
CVE-2018-16563
2019-03-21 14:57:36
prion
prion
Design/Logic Flaw
2019-03-21 16:00:00
ics
ics
Siemens EN100 Ethernet Communication Module and SIPROTEC 5 Relays
2019-02-12 12:00:00
nvd
nvd
CVE-2018-16563
2019-03-21 16:00:22
threatpost
threatpost
Siemens Warns of Critical Remote-Code Execution ICS Flaw
2019-02-12 22:59:46

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

42.5%

JSON
Related for CVE-2018-16563
nessus2cvelist1prion1ics1nvd1threatpost1