SB2016090501 - Multiple vulnerabilities in Siemens SIPROTEC 4 and SIPROTEC Compact
Published: September 5, 2016
Updated: July 7, 2017
Description
This security bulletin contains information about 3 vulnerabilities.
1) Security restrictions bypass (CVE-ID: CVE-2016-7112)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to bypass security restrictions.
The weakness exists due to an error related to the EN100 Ethernet module. A remote attacker can send a specially crafted HTTP request and bypass access restrictions.
Successful exploitation of the vulnerability results in administrative access to the system.
2) Denial of service (CVE-ID: CVE-2016-7113)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial-of-service (DoS) condition.
The weakness exists due to an error in the EN100 Ethernet module. A remote attacker can send specially crafted HTTP packets to TCP port 80 and cause the device to crash.
Successful exploitation of the vulnerability results in denial of service.
3) Security restrictions bypass (CVE-ID: CVE-2016-7114)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to bypass security restrictions.
The weakness exists due to an error related to the EN100 Ethernet module. A remote attacker can send a specially crafted HTTP request and bypass access restrictions.
Successful exploitation of the vulnerability results in administrative access to the system.
Remediation
Install the update from the vendor's website.