CVE-2018-4838
First published: Thu Mar 08 2018(Updated: )
A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions < V1.22). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens En100 Ethernet Module Iec 104 Firmware | ||
| Siemens En100 Ethernet Module Iec 104 | ||
| Siemens En100 Ethernet Module Dnp3 Firmware | ||
| Siemens En100 Ethernet Module Dnp3 | ||
| Siemens En100 Ethernet Module Modbus Tcp Firmware | ||
| Siemens En100 Ethernet Module Modbus Tcp | ||
| Siemens En100 Ethernet Module Profinet Io Firmware | ||
| Siemens En100 Ethernet Module Profinet Io | ||
| Siemens En100 Ethernet Module Iec 61850 Firmware | <4.30 | |
| Siemens En100 Ethernet Module Iec 61850 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2018-4838.
What is the severity of CVE-2018-4838?
The severity of CVE-2018-4838 is high with a CVSS score of 7.5.
Which software versions are affected by CVE-2018-4838?
CVE-2018-4838 affects all versions of EN100 Ethernet module IEC 61850 variant below V4.30, EN100 Ethernet module DNP3 variant below V1.04, EN100 Ethernet module PROFINET IO variant (all versions), and EN100 Ethernet module Modbus TCP variant (all versions).
How can I fix CVE-2018-4838?
There is no known fix for CVE-2018-4838 at the moment. It is recommended to follow the mitigation steps provided by the vendor.
Where can I find more information about CVE-2018-4838?
You can find more information about CVE-2018-4838 in the following references: [Siemens ProductCERT](https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf), [US-CERT Advisory](https://ics-cert.us-cert.gov/advisories/ICSA-18-067-01), [SecurityFocus](https://www.securityfocus.com/bid/103379).
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/description
- agent/tags
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/siemens
- canonical/siemens en100 ethernet module iec 104 firmware
- canonical/siemens en100 ethernet module iec 104
- canonical/siemens en100 ethernet module dnp3 firmware
- canonical/siemens en100 ethernet module dnp3
- canonical/siemens en100 ethernet module modbus tcp firmware
- canonical/siemens en100 ethernet module modbus tcp
- canonical/siemens en100 ethernet module profinet io firmware
- canonical/siemens en100 ethernet module profinet io
- canonical/siemens en100 ethernet module iec 61850 firmware
- canonical/siemens en100 ethernet module iec 61850