History: Jun 14, 2022 - 9:21 a.m.

CVE-2022-30937

2022-06-14 09:21:54
CWE-119
siemens
www.cve.org
cve-2022-30937
en100 ethernet
memory corruption
denial of service

EPSS: 0.001

Percentile: 33.4%

A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contain a memory corruption vulnerability while parsing specially crafted HTTP packets to the /txtrace endpoint. This could allow an attacker to crash the affected application, leading to a denial of service condition.

CNA Affected

[
  {
    "product": "EN100 Ethernet module DNP3 IP variant",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "EN100 Ethernet module IEC 104 variant",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "EN100 Ethernet module IEC 61850 variant",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V4.37"
      }
    ]
  },
  {
    "product": "EN100 Ethernet module Modbus TCP variant",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "EN100 Ethernet module PROFINET IO variant",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  }
]
