Lucene search

[email protected]NVD:CVE-2016-4784

HistoryMay 31, 2016 - 1:59 a.m.

CVE-2016-4784

2016-05-3101:59:12

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

0.005

Percentile

76.8%

JSON

A vulnerability has been identified in firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02; SIPROTEC 7SJ686 : All versions < V 4.83; SIPROTEC 7UT686 : All versions < V 4.01; SIPROTEC 7SD686 : All versions < V 4.03; SIPROTEC 7SJ66 : All versions < V 4.20. The integrated web server (port 80/tcp) of the affected devices could allow remote attackers to obtain sensitive device information if network access was obtained.

Affected configurations

Nvd

Node

siemenssiprotec_firmwareMatch-

AND

siemenssiprotec_compact_model_7rw80Match-

siemenssiprotec_compact_model_7sd80Match-

siemenssiprotec_compact_model_7sj80Match-

siemenssiprotec_compact_model_7sj81Match-

siemenssiprotec_compact_model_7sk80Match-

siemenssiprotec_compact_model_7sk81Match-

Node

siemenssiprotec_4_en100Match-

siemenssiprotec_compact_model_en100Match-

AND

siemenssiprotec_firmwareMatch4.26

VendorProductVersionCPE
siemenssiprotec_firmware-cpe:2.3:o:siemens:siprotec_firmware:-:*:*:*:*:*:*:*
siemenssiprotec_compact_model_7rw80-cpe:2.3:h:siemens:siprotec_compact_model_7rw80:-:*:*:*:*:*:*:*
siemenssiprotec_compact_model_7sd80-cpe:2.3:h:siemens:siprotec_compact_model_7sd80:-:*:*:*:*:*:*:*
siemenssiprotec_compact_model_7sj80-cpe:2.3:h:siemens:siprotec_compact_model_7sj80:-:*:*:*:*:*:*:*
siemenssiprotec_compact_model_7sj81-cpe:2.3:h:siemens:siprotec_compact_model_7sj81:-:*:*:*:*:*:*:*
siemenssiprotec_compact_model_7sk80-cpe:2.3:h:siemens:siprotec_compact_model_7sk80:-:*:*:*:*:*:*:*
siemenssiprotec_compact_model_7sk81-cpe:2.3:h:siemens:siprotec_compact_model_7sk81:-:*:*:*:*:*:*:*
siemenssiprotec_4_en100-cpe:2.3:h:siemens:siprotec_4_en100:-:*:*:*:*:*:*:*
siemenssiprotec_compact_model_en100-cpe:2.3:h:siemens:siprotec_compact_model_en100:-:*:*:*:*:*:*:*
siemenssiprotec_firmware4.26cpe:2.3:o:siemens:siprotec_firmware:4.26:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	siprotec_firmware	-	cpe:2.3:o:siemens:siprotec_firmware:-:::::::*
siemens	siprotec_compact_model_7rw80	-	cpe:2.3:h:siemens:siprotec_compact_model_7rw80:-:::::::*
siemens	siprotec_compact_model_7sd80	-	cpe:2.3:h:siemens:siprotec_compact_model_7sd80:-:::::::*
siemens	siprotec_compact_model_7sj80	-	cpe:2.3:h:siemens:siprotec_compact_model_7sj80:-:::::::*
siemens	siprotec_compact_model_7sj81	-	cpe:2.3:h:siemens:siprotec_compact_model_7sj81:-:::::::*
siemens	siprotec_compact_model_7sk80	-	cpe:2.3:h:siemens:siprotec_compact_model_7sk80:-:::::::*
siemens	siprotec_compact_model_7sk81	-	cpe:2.3:h:siemens:siprotec_compact_model_7sk81:-:::::::*
siemens	siprotec_4_en100	-	cpe:2.3:h:siemens:siprotec_4_en100:-:::::::*
siemens	siprotec_compact_model_en100	-	cpe:2.3:h:siemens:siprotec_compact_model_en100:-:::::::*
siemens	siprotec_firmware	4.26	cpe:2.3:o:siemens:siprotec_firmware:4.26:::::::*

References

www.securityfocus.com/bid/90773

www.securityfocus.com/bid/99471

www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-547990.pdf

ics-cert.us-cert.gov/advisories/ICSA-16-140-02

ics-cert.us-cert.gov/advisories/ICSA-17-187-03

www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-323211.pdf

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

0.005

Percentile

76.8%

JSON

Related for NVD:CVE-2016-4784

cve1 cvelist1 nessus2 prion1 ics10