CVE-2018-4840
First published: Thu Mar 08 2018(Updated: )
A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). The device engineering mechanism allows an unauthenticated remote user to upload a modified device configuration overwriting access authorization passwords.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Siprotec Compact 7SJ80 | <4.77 | |
| Siemens SIPROTEC Compact 7SJ80 | ||
| Siemens Siprotec Compact 7SK80 | <4.77 | |
| siemens SIPROTEC compact model 7sk80 | ||
| Siemens SIPROTEC 4 7SJ66 | <4.30 | |
| Siemens SIPROTEC 4 7SJ66 Firmware | ||
| Siemens DIGSI 4 firmware | <4.92 | |
| Siemens EN100 Ethernet Module IEC 104 | ||
| Siemens EN100 Ethernet Module IEC 104 Firmware | ||
| Siemens EN100 Ethernet Module DNP3 Firmware | ||
| Siemens EN100 Ethernet Module DNP3 Firmware | ||
| Siemens EN100 Ethernet Module Modbus TCP | ||
| Siemens EN100 Ethernet Module Modbus TCP | ||
| Siemens EN100 Ethernet Module PROFINET IO | ||
| Siemens EN100 Ethernet module PROFINET IO Firmware | ||
| Siemens EN100 Ethernet Module IEC 61850 | <4.30 | |
| Siemens EN100 Ethernet Module IEC 61850 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-4840?
The severity of CVE-2018-4840 is high with a severity value of 7.5.
What software versions are affected by CVE-2018-4840?
DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), and EN100 Ethernet module Modbus TCP variant (All versions) are affected by CVE-2018-4840.
How can I fix CVE-2018-4840?
Apply the necessary updates and patches provided by Siemens to mitigate the vulnerability.
Where can I find more information about CVE-2018-4840?
You can find more information about CVE-2018-4840 in the Siemens ProductCERT advisory (https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf) and the ICS-CERT advisory (https://ics-cert.us-cert.gov/advisories/ICSA-18-067-01).
What is the Common Weakness Enumeration (CWE) ID of CVE-2018-4840?
The CWE ID of CVE-2018-4840 is CWE-306.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/siemens
- canonical/siemens siprotec compact 7sj80
- canonical/siemens siprotec compact 7sk80
- canonical/siemens siprotec compact model 7sk80
- canonical/siemens siprotec 4 7sj66
- canonical/siemens siprotec 4 7sj66 firmware
- canonical/siemens digsi 4 firmware
- canonical/siemens en100 ethernet module iec 104
- canonical/siemens en100 ethernet module iec 104 firmware
- canonical/siemens en100 ethernet module dnp3 firmware
- canonical/siemens en100 ethernet module modbus tcp
- canonical/siemens en100 ethernet module profinet io
- canonical/siemens en100 ethernet module profinet io firmware
- canonical/siemens en100 ethernet module iec 61850