Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2018-4839
HistoryMar 08, 2018 - 5:29 p.m.

CVE-2018-4839

2018-03-0817:29:00
CWE-326
[email protected]
web.nvd.nist.gov
30
cve-2018-4839
digsi 4
siprotec
vulnerability
access authorization
network security
nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.0%

JSON

A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions < V4.70), SIPROTEC 4 7SJ61 (All versions < V4.96), SIPROTEC 4 7SJ62 (All versions < V4.96), SIPROTEC 4 7SJ64 (All versions < V4.96), SIPROTEC 4 7SJ66 (All versions < V4.30), SIPROTEC Compact 7SJ80 (All versions < V4.77), SIPROTEC Compact 7SK80 (All versions < V4.77). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords.

Affected configurations

NVD
Node
siemenssiprotec_compact_7sj80Match-
AND
siemenssiprotec_compact_7sj80_firmwareRange<4.77
Node
siemenssiprotec_compact_7sk80Match-
AND
siemenssiprotec_compact_7sk80_firmwareRange<4.77
Node
siemenssiprotec_4_7sj66Match-
AND
siemenssiprotec_4_7sj66_firmwareRange<4.30
Node
siemensdigsi_4Range<4.92
Node
siemensen100_ethernet_module_iec_104Match-
AND
siemensen100_ethernet_module_iec_104_firmwareMatch-
Node
siemensen100_ethernet_module_dnp3Match-
AND
siemensen100_ethernet_module_dnp3_firmwareMatch-
Node
siemensen100_ethernet_module_modbus_tcpMatch-
AND
siemensen100_ethernet_module_modbus_tcp_firmwareMatch-
Node
siemensen100_ethernet_module_profinet_ioMatch-
AND
siemensen100_ethernet_module_profinet_io_firmwareMatch-
Node
siemensen100_ethernet_module_iec_61850Match-
AND
siemensen100_ethernet_module_iec_61850_firmwareRange<4.30

CNA Affected

[
  {
    "product": "DIGSI 4",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V4.92"
      }
    ]
  },
  {
    "product": "EN100 Ethernet module DNP3 variant",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V1.05.00"
      }
    ]
  },
  {
    "product": "EN100 Ethernet module IEC 104 variant",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "EN100 Ethernet module IEC 61850 variant",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V4.30"
      }
    ]
  },
  {
    "product": "EN100 Ethernet module Modbus TCP variant",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "EN100 Ethernet module PROFINET IO variant",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "Other SIPROTEC 4 relays",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "Other SIPROTEC Compact relays",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SIPROTEC 4 7SD80",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V4.70"
      }
    ]
  },
  {
    "product": "SIPROTEC 4 7SJ61",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V4.96"
      }
    ]
  },
  {
    "product": "SIPROTEC 4 7SJ62",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V4.96"
      }
    ]
  },
  {
    "product": "SIPROTEC 4 7SJ64",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V4.96"
      }
    ]
  },
  {
    "product": "SIPROTEC 4 7SJ66",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V4.30"
      }
    ]
  },
  {
    "product": "SIPROTEC Compact 7SJ80",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V4.77"
      }
    ]
  },
  {
    "product": "SIPROTEC Compact 7SK80",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V4.77"
      }
    ]
  }
]

Related

nessus 2
prion 1
cvelist 1
nvd 1
ptsecurity 1
ics 1
nessus
nessus
Siemens Siprotec Unspecified Vulnerability
2019-11-08 00:00:00
Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet Module Inadequate Encryption Strength (CVE-2018-4839)
2022-02-07 00:00:00
prion
prion
Authorization
2018-03-08 17:29:00
cvelist
cvelist
CVE-2018-4839
2018-03-08 17:00:00
nvd
nvd
CVE-2018-4839
2018-03-08 17:29:00
ptsecurity
ptsecurity
PT-2018-04: Sensitive Information Disclosure in Siemens SIPROTEC 4 and SIPROTEC Compact relays
2015-12-17 00:00:00
ics
ics
Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet Module (Update D)
2021-07-13 12:00:00

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

4.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.0%

JSON
Related for CVE-2018-4839
nessus2prion1cvelist1nvd1ptsecurity1ics1