First published: Tue Jun 14 2022(Updated: )
A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contains a memory corruption vulnerability while parsing specially crafted HTTP packets to /txtrace endpoint. This could allow an attacker to crash the affected application leading to a denial of service condition.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens En100 Ethernet Module Dnp3 Firmware | ||
Siemens En100 Ethernet Module Iec 104 Firmware | ||
Siemens En100 Ethernet Module Iec 61850 Firmware | <4.37 | |
Siemens En100 Ethernet Module Modbus Tcp Firmware | ||
Siemens En100 Ethernet Module Profinet Io Firmware | ||
Siemens En100 Ethernet Module |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2022-30937.
The severity of CVE-2022-30937 is high, with a CVSS score of 7.5.
The following Siemens EN100 Ethernet modules and their respective firmware versions are affected: EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (Versions < V4.37), EN100 Ethernet module Modbus TCP variant (All versions), and EN100 Ethernet module PROFINET IO variant (All versions).
Siemens has not released a specific fix for CVE-2022-30937 at the moment. It is recommended to follow the mitigation measures provided in the Siemens Security Advisory.
You can find more information about CVE-2022-30937 in the Siemens Security Advisory available at the following link: [Siemens Security Advisory](https://cert-portal.siemens.com/productcert/pdf/ssa-693555.pdf)