First published: Thu Mar 08 2018(Updated: )
A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions < V4.70), SIPROTEC 4 7SJ61 (All versions < V4.96), SIPROTEC 4 7SJ62 (All versions < V4.96), SIPROTEC 4 7SJ64 (All versions < V4.96), SIPROTEC 4 7SJ66 (All versions < V4.30), SIPROTEC Compact 7SJ80 (All versions < V4.77), SIPROTEC Compact 7SK80 (All versions < V4.77). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Siprotec Compact 7sj80 Firmware | <4.77 | |
Siemens Siprotec Compact 7sj80 | ||
Siemens Siprotec Compact 7sk80 Firmware | <4.77 | |
Siemens Siprotec Compact 7sk80 | ||
Siemens Siprotec 4 7sj66 Firmware | <4.30 | |
Siemens Siprotec 4 7sj66 | ||
Siemens Digsi 4 | <4.92 | |
Siemens En100 Ethernet Module Iec 104 Firmware | ||
Siemens En100 Ethernet Module Iec 104 | ||
Siemens En100 Ethernet Module Dnp3 Firmware | ||
Siemens En100 Ethernet Module Dnp3 | ||
Siemens En100 Ethernet Module Modbus Tcp Firmware | ||
Siemens En100 Ethernet Module Modbus Tcp | ||
Siemens En100 Ethernet Module Profinet Io Firmware | ||
Siemens En100 Ethernet Module Profinet Io | ||
Siemens En100 Ethernet Module Iec 61850 Firmware | <4.30 | |
Siemens En100 Ethernet Module Iec 61850 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2018-4839.
CVE-2018-4839 has a severity of 5.3 (medium).
DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), and EN100 Ethernet module Modbus TCP variant (All versions).
Update to DIGSI 4 version V4.92 or later, EN100 Ethernet module DNP3 variant version V1.05.00 or later, EN100 Ethernet module IEC 61850 variant version V4.30 or later to fix CVE-2018-4839.
You can find more information about CVE-2018-4839 in the following references: [Siemens Cert Portal](https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf) and [US-CERT Advisory](https://ics-cert.us-cert.gov/advisories/ICSA-18-067-01).