CVE-2018-11452

CVE-2018-11452 affects Siemens EN100 Ethernet Module firmware variants (IEC 61850, PROFINET IO, Modbus TCP, DNP3 TCP, IEC104). The root cause is an improper handling of crafted packets to port 102/TCP that can trigger a Denial-of-Service condition when oscillographs are running, compromising avai...

ICSA-18-347-02 Siemens EN100 Ethernet Communication Module and SIPROTEC 5 Relays (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: EN100 Ethernet Communication Module and SIPROTEC 5 relays Vulnerabilities: Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original...

Siemens Medium Voltage SINAMICS Products (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Siemens Equipment : Medium Voltage SINAMICS Products Vulnerabilities : Improper Input Validation 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...

Denial of Service Vulnerability in Multiple Siemens Products (CNVD-2018-06025)

The SIMATIC CP 343-1 Advanced is an Ethernet communication module that supports PROFINET, the new generation of automation bus standards based on industrial Ethernet technology. 1500 is a programmable logic controller. A denial of service vulnerability exists in several Siemens products. An...

Design/Logic Flaw

A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7 All versions V7.0.3, SIMATIC S7-400 CPU 414F-3 PN/DP V7 All versions V7.0.3, SIMATIC S7-400 CPU 416-3 PN/DP V7 All versions V7.0.3, SIMATIC S7-400 CPU 416F-3 PN/DP V7 All versions V7.0.3, SIMATIC CP 343-1 incl. SIPLUS varian...

CVE-2018-4843

CVE-2018-4843 affects Siemens SIMATIC/PROFINET devices (CP 343-1/CP 443-1, ET 200S/ET 200pro, S7-1500/300/400 families, WinAC RTX, SINUMERIK, Softnet PROFINET IO, etc.). The flaw is improper input validation in handling PROFINET DCP requests, allowing a specially crafted DCP packet to trigger a d...

Siemens SIMATIC, SINUMERIK, and PROFINET IO (Update D)

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVE-2018-4840

A vulnerability has been identified in DIGSI 4 All versions V4.92, EN100 Ethernet module DNP3 variant All versions V1.05.00, EN100 Ethernet module IEC 104 variant All versions, EN100 Ethernet module IEC 61850 variant All versions V4.30, EN100 Ethernet module Modbus TCP variant All versions, EN100...

Authorization

A vulnerability has been identified in DIGSI 4 All versions V4.92, EN100 Ethernet module DNP3 variant All versions V1.05.00, EN100 Ethernet module IEC 104 variant All versions, EN100 Ethernet module IEC 61850 variant All versions V4.30, EN100 Ethernet module Modbus TCP variant All versions, EN100...

CVE-2018-4838

A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant All versions V4.30, EN100 Ethernet module DNP3 variant All versions V1.04, EN100 Ethernet module PROFINET IO variant All versions, EN100 Ethernet module Modbus TCP variant All versions, EN100 Ethernet module IEC 104...

CVE-2018-4838

A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant All versions V4.30, EN100 Ethernet module DNP3 variant All versions V1.04, EN100 Ethernet module PROFINET IO variant All versions, EN100 Ethernet module Modbus TCP variant All versions, EN100 Ethernet module IEC 104...

CVE-2018-4840

A vulnerability has been identified in DIGSI 4 All versions V4.92, EN100 Ethernet module DNP3 variant All versions V1.05.00, EN100 Ethernet module IEC 104 variant All versions, EN100 Ethernet module IEC 61850 variant All versions V4.30, EN100 Ethernet module Modbus TCP variant All versions, EN100...

CVE-2018-4840

CVE-2018-4840 affects Siemens DIGSI 4 and EN100 Ethernet modules (DNP3, IEC 104, IEC 61850, Modbus TCP, PROFINET IO). The issue allows an unauthenticated remote attacker to upload a modified device configuration that overwrites the access-authorization passwords. Affected products include DIGSI 4...

CVE-2018-4838

CVE-2018-4838 affects Siemens EN100 Ethernet module variants (IEC 61850 < V4.30, DNP3 < V1.04, PROFINET IO, Modbus TCP, IEC 104

ICSA-18-067-02_Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle Devices using the EN100 Ethernet Communication Module Extension (Update B)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIPROTEC 4, SIPROTEC Compact, and Reyrolle devices using the EN100 Ethernet communication module extension Vulnerability: Missing Authentication for Critical Function 2. UPDATE...

Debian DLA-1226-1 : wireshark security update

It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for CIP Safety, IWARPMPA, NetBIOS, Profinet I/O and AMQP, which result in denial of dervice or the execution of arbitrary code. For Debian 7 'Wheezy', these problems have been fixed ...

[SECURITY] [DLA 1226-1] wireshark security update

Package : wireshark Version : 1.12.1+g01b65bf-4+deb8u6deb7u8 CVE ID : CVE-2017-11408 CVE-2017-17083 CVE-2017-17084 CVE-2017-17085 It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for CIP Safety, IWARPMPA, NetBIOS, Profinet I/O and...

Design/Logic Flaw

A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC Compact Field Unit, SIMATIC ET200AL, SIMATIC ET200M...

CVE-2017-12741

CVE-2017-12741 corresponds to an Improper Input Validation (CWE-20) vulnerability in Siemens industrial products. The issue allows specially crafted UDP packets to port 161/UDP to trigger a denial-of-service condition, with exposed devices requiring manual restart. Affected products include PROFI...

Debian DSA-4060-1 : wireshark - security update

It was discovered that wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for CIP Safety, IWARPMPA, NetBIOS, Profinet I/O and AMQP, which result in denial of dervice or the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. T...