#VU7379 Denial of service in SIPROTEC 4 and Siprotec Compact - CVE-2015-5374
Published: July 7, 2017 / Updated: June 17, 2021
Vulnerability identifier: #VU7379
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2015-5374
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
SIPROTEC 4
Siprotec Compact
SIPROTEC 4
Siprotec Compact
Software vendor:
Siemens
Siemens
Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to an error in the EN100 module. A remote attacker can send specially crafted packets to UDP port 50000 and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
The weakness exists due to an error in the EN100 module. A remote attacker can send specially crafted packets to UDP port 50000 and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Remediation
Update SIPROTEC 4 to version 4.25.
Update SIPROTEC Compact to version 4.25.
Update SIPROTEC Compact to version 4.25.