CVE-2019-13944: Path Traversal
First published: Thu Dec 12 2019(Updated: )
A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). A vulnerability in the integrated web server of the affected devices could allow unauthorized attackers to obtain sensitive information about the device, including logs and configurations. At the time of advisory publication no public exploitation of this security vulnerability was known.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens EN100 Ethernet Module DNP3 Firmware | ||
| Siemens EN100 Ethernet Module IEC 61850 | <4.37 | |
| Siemens EN100 Ethernet Module with Firmware variant IEC104 | ||
| Siemens EN100 Ethernet Module with MODBUS TCP Firmware | ||
| Siemens EN100 Ethernet module PROFINET IO Firmware | ||
| siemens EN100 Ethernet module DNP3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-13944?
CVE-2019-13944 is rated as high severity due to the potential impact on availability and confidentiality.
How do I fix CVE-2019-13944?
To address CVE-2019-13944, users should upgrade to the latest firmware version provided by Siemens for their impacted EN100 Ethernet modules.
Which versions are affected by CVE-2019-13944?
All versions of the EN100 Ethernet module DNP3, IEC 61850 (versions below 4.37), IEC104, Modbus TCP, and PROFINET IO variants are affected by CVE-2019-13944.
What products are impacted by CVE-2019-13944?
CVE-2019-13944 impacts various Siemens EN100 Ethernet module firmware variants including DNP3, IEC 61850, IEC104, Modbus TCP, and PROFINET IO.
Is CVE-2019-13944 going to be patched?
Yes, Siemens has issued patches for CVE-2019-13944, and users are advised to follow the vendor's instructions for remediation.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/siemens
- canonical/siemens en100 ethernet module dnp3 firmware
- canonical/siemens en100 ethernet module iec 61850
- canonical/siemens en100 ethernet module with firmware variant iec104
- canonical/siemens en100 ethernet module with modbus tcp firmware
- canonical/siemens en100 ethernet module profinet io firmware
- canonical/siemens en100 ethernet module dnp3