Lucene search
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OT_500163.NASLHistoryNov 08, 2019 - 12:00 a.m.
Siemens En100 Missing Authentication for Critical Function
2019-11-0800:00:00
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
EPSS
0.001
Percentile
40.0%
A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions < V1.22). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.
File data ot_500163.naslRelated
ics
ics
cvelist
cvelist
CVE-2018-4838
2018-03-08 17:00:00
nvd
nvd
CVE-2018-4838
2018-03-08 17:29:00
ptsecurity
ptsecurity
prion
prion
Design/Logic Flaw
2018-03-08 17:29:00
cve
cve
CVE-2018-4838
2018-03-08 17:29:00
nessus
nessus
threatpost
threatpost
Siemens Warns of Critical Remote-Code Execution ICS Flaw
2019-02-12 22:59:46