#VU7380 Information disclosure in SIPROTEC 4 and Siprotec Compact - CVE-2016-4784
Published: July 7, 2017
Vulnerability identifier: #VU7380
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-4784
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
SIPROTEC 4
Siprotec Compact
SIPROTEC 4
Siprotec Compact
Software vendor:
Siemens
Siemens
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to an error in the integrated web server (Port 80/TCP). A remote attacker can send specially crafted HTTP request and read arbitrary data on the device.
Successful exploitation of the vulnerability results in information disclosure.
The weakness exists due to an error in the integrated web server (Port 80/TCP). A remote attacker can send specially crafted HTTP request and read arbitrary data on the device.
Successful exploitation of the vulnerability results in information disclosure.
Remediation
Update SIPROTEC 4 to version 4.27.
Update SIPROTEC Compact to version 4.76.
Update SIPROTEC Compact to version 4.76.