Vulnerability Description
A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions < V1.22). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | En100 Ethernet Module Iec 104 Firmware | - |
| Siemens | En100 Ethernet Module Iec 104 | - |
| Siemens | En100 Ethernet Module Dnp3 Firmware | - |
| Siemens | En100 Ethernet Module Dnp3 | - |
| Siemens | En100 Ethernet Module Modbus Tcp Firmware | - |
| Siemens | En100 Ethernet Module Modbus Tcp | - |
| Siemens | En100 Ethernet Module Profinet Io Firmware | - |
| Siemens | En100 Ethernet Module Profinet Io | - |
| Siemens | En100 Ethernet Module Iec 61850 Firmware | < 4.30 |
| Siemens | En100 Ethernet Module Iec 61850 | - |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdfPatchVendor Advisory
- https://www.securityfocus.com/bid/103379
- https://ics-cert.us-cert.gov/advisories/ICSA-18-067-01Third Party AdvisoryUS Government Resource
- https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdfPatchVendor Advisory
- https://www.securityfocus.com/bid/103379
FAQ
What is CVE-2018-4838?
CVE-2018-4838 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO vari...
How severe is CVE-2018-4838?
CVE-2018-4838 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-4838?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens En100 Ethernet Module Iec 104 Firmware, Siemens En100 Ethernet Module Iec 104, Siemens En100 Ethernet Module Dnp3 Firmware, Siemens En100 Ethernet Module Dnp3, Siemens En100 Ethernet Module Modbus Tcp Firmware.