Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle Devices using the EN100 Ethernet Communication Module Extension Missing Authentication For Critical Function (CVE-2018-4838)

A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant All versions V4.30, EN100 Ethernet module DNP3 variant All versions V1.04, EN100 Ethernet module PROFINET IO variant All versions, EN100 Ethernet module Modbus TCP variant All versions, EN100 Ethernet module IEC 104...

Siemens EN100 Ethernet Module (Update A)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: EN100 Ethernet Module Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Cross-site Scripting, Relative Path Traversal 2. UPDATE...

Unauthorized Operation Vulnerability in Several Siemens Products

SIPROTEC 4, SIPROTEC Compact and Reyrolle devices provide a wide range of centralized protection, control and automation functions for substations and other applications. An unauthorized operation vulnerability exists in SIPROTEC 4, SIPROTEC Compact, and Reyrolle devices extended with the EN100...

ICSA-18-067-02_Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle Devices using the EN100 Ethernet Communication Module Extension (Update B)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Siemens Equipment: SIPROTEC 4, SIPROTEC Compact, and Reyrolle devices using the EN100 Ethernet communication module extension Vulnerability: Missing Authentication for Critical Function 2. UPDATE...

Siemens Reyrolle

CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Siemens Equipment: Reyrolle Vulnerabilities: Missing Authorization, Improper Input Validation, Improper Authentication AFFECTED PRODUCTS Siemens reports that the vulnerabilities affect the following Reyrolle...