26 matches found
Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module Denial Of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module - Denial of Service', 'Description' = %q This module sends a specially crafted pack...
Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet Module Missing Authentication For Critical Function (CVE-2018-4840)
A vulnerability has been identified in DIGSI 4 All versions V4.92, EN100 Ethernet module DNP3 variant All versions V1.05.00, EN100 Ethernet module IEC 104 variant All versions, EN100 Ethernet module IEC 61850 variant All versions V4.30, EN100 Ethernet module Modbus TCP variant All versions, EN100...
CVE-2019-19279
CVE-2019-19279 affects Siemens SIPROTEC 4 and SIPROTEC Compact relays with EN100 Ethernet modules (all versions). The issue is caused by sending specially crafted packets to UDP port 50000, which can trigger a network-denial-of-service on the affected device. Recovery requires a manual reboot. At...
CVE-2019-19279
A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules All versions. Specially crafted packets sent to port 50000/UDP of the EN100 Ethernet communication modules could cause a Denial-of-Service of the affected device. A...
SIEMENS SIPROTEC 4 and SIPROTEC Compact Relay Families Denial of Service Vulnerability
SIEMENS SIPROTEC 4 and SIPROTEC Compact Relay Families are offering integrated protection, control, measurement and automation functions for substations and other applications. A denial of service vulnerability exists in SIEMENS SIPROTEC 4 and SIPROTEC Compact Relay Families. An attacker can...
Siemens EN100 Ethernet Module (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: EN100 Ethernet Module Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Cross-site Scripting, Relative Path Traversal 2. UPDATE...
Siemens Siprotec Exposure of Sensitive Information to an Unauthorized Actor
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104...
Siemens Siprotec Unspecified Vulnerability
A vulnerability has been identified in Siemens DIGSI 4 All versions V4.92, EN100 Ethernet module IEC 61850 variant All versions V4.30, EN100 Ethernet module PROFINET IO variant All versions, EN100 Ethernet module Modbus TCP variant All versions, EN100 Ethernet module DNP3 variant All versions,...
ICSA-18-067-02_Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle Devices using the EN100 Ethernet Communication Module Extension (Update B)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIPROTEC 4, SIPROTEC Compact, and Reyrolle devices using the EN100 Ethernet communication module extension Vulnerability: Missing Authentication for Critical Function 2. UPDATE...
Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module < 4.25 - Denial of Service Exploit
Exploit for hardware platform in category dos / poc Exploit Title: Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module V4.25 - Denial of Service Exploit Author: M. Can Kurnaz Contact: https://twitter.com/0x43414e Vendor Homepage: https://www.siemens.com Version: All devices that include...
Siemens SIPROTEC 4 / Compact EN100 Ethernet Module Denial Of Service
Exploit Title: Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module V4.25 - Denial of Service Date: 14.02.2018 Exploit Author: M. Can Kurnaz Contact: https://twitter.com/0x43414e Vendor Homepage: https://www.siemens.com Version: All devices that include the EN100 Ethernet module version...
Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module < 4.25 - Denial of Service
Exploit Title: Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module V4.25 - Denial of Service Date: 14.02.2018 Exploit Author: M. Can Kurnaz Contact: https://twitter.com/0x43414e Vendor Homepage: https://www.siemens.com Version: All devices that include the EN100 Ethernet module version...
Siemens SIPROTEC 4 and SIPROTEC Compact (Update C)
CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC Compact Vulnerabilities: Improper Input Validation, Missing Authorization, Improper Authentication UPDATE INFORMATION This updated advisory is a follow-up to the updated...
Siemens SIPROTEC 4 and SIPROTEC Compact (Update A)
CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC Compact Vulnerabilities: Improper Input Validation, Missing Authorization, Improper Authentication UPDATE INFORMATION This updated advisory is a follow-up to the original...
Siemens SIPROTEC 4 and SIPROTEC Compact (Update D)
CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC Compact Vulnerabilities: Improper Input Validation, Missing Authorization, Improper Authentication UPDATE INFORMATION This updated advisory is a follow-up to the updated...
Siemens SIPROTEC 4 and SIPROTEC Compact (Update B)
CVSS v3 8.6 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: SIPROTEC 4 and SIPROTEC Compact Vulnerabilities: Improper Input Validation, Missing Authorization, Improper Authentication UPDATE INFORMATION This updated advisory is a follow-up to the updated...
Siemens SIPROTEC 4/SIPROTEC Compact Authentication Bypass Vulnerability (CNVD-2016-07252)
SIPROTEC 4 and SIPROTEC Compact devices provide a wide range of centralized protection, control and automation functions for substations and other applications. An authentication bypass vulnerability exists in Siemens SIPROTEC 4, SIPROTEC Compact devices, versions prior to EN100 Ethernet 4.29. A...
Siemens SIPROTEC 4/SIPROTEC Compact Denial of Service Vulnerability
SIPROTEC 4 and SIPROTEC Compact devices provide a wide range of centralized protection, control and automation functions for substations and other applications. A denial of service vulnerability exists in Siemens SIPROTEC 4, SIPROTEC Compact devices, versions prior to EN100 Ethernet 4.29. A remot...
Siemens SIPROTEC 4 and SIPROTEC Compact Vulnerabilities
OVERVIEW Siemens reports that they have released a firmware update for SIPROTEC 4 and SIPROTEC Compact devices to mitigate authentication bypass and resource exhaustion vulnerabilities. Kirill Nesterov and Anatoly Katushin from Kaspersky Lab reported some of these vulnerabilities directly to...
CVE-2016-4785
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions V1.03; Firmware variant IEC 104...