Information disclosure in SIPROTEC 4 and Siprotec Compact - CVE-2016-4784
Published: July 7, 2017
Vulnerability identifier: #VU7380
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-4784
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Siemens
Affected software:
SIPROTEC 4
Siprotec Compact
SIPROTEC 4
Siprotec Compact
Detailed vulnerability description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to an error in the integrated web server (Port 80/TCP). A remote attacker can send specially crafted HTTP request and read arbitrary data on the device.
Successful exploitation of the vulnerability results in information disclosure.
The weakness exists due to an error in the integrated web server (Port 80/TCP). A remote attacker can send specially crafted HTTP request and read arbitrary data on the device.
Successful exploitation of the vulnerability results in information disclosure.
How to mitigate CVE-2016-4784
Update SIPROTEC 4 to version 4.27.
Update SIPROTEC Compact to version 4.76.
Update SIPROTEC Compact to version 4.76.