Risk | Low |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2018-11451, CVE-2018-11452 |
CWE-ID | CWE-20 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. |
Vulnerable software | SIPROTEC 5; EN100 Ethernet module IEC 104 variant; EN100 Ethernet module DNP3 TCP variant; EN100 Ethernet module Modbus TCP variant; EN100 Ethernet module PROFINET IO variant; EN100 Ethernet module IEC 61850 variant (all: Hardware solutions / Security hardware appliances) |
Vendor | Siemens |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU13878
Risk: Low
CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-11451
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description
Install update from vendor's website.
SIPROTEC 5: All versions
EN100 Ethernet module IEC 104 variant: All versions
EN100 Ethernet module DNP3 TCP variant: All versions
EN100 Ethernet module Modbus TCP variant: All versions
EN100 Ethernet module PROFINET IO variant: All versions
EN100 Ethernet module IEC 61850 variant: All versions
External links: http://cert-portal.siemens.com/productcert/pdf/ssa-635129.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
EUVDB-ID: #VU13879
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-11452
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description
Install update from vendor's website.
SIPROTEC 5: All versions
EN100 Ethernet module IEC 104 variant: All versions
EN100 Ethernet module DNP3 TCP variant: All versions
EN100 Ethernet module Modbus TCP variant: All versions
EN100 Ethernet module PROFINET IO variant: All versions
EN100 Ethernet module IEC 61850 variant: All versions
External links: http://cert-portal.siemens.com/productcert/pdf/ssa-635129.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.