A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). The device engineering mechanism allows an unauthenticated remote user to upload a modified device configuration overwriting access authorization passwords.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf | Patch Vendor Advisory |
https://ics-cert.us-cert.gov/advisories/ICSA-18-067-01 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: siemens
Published: 2018-03-08T17:00:00
Updated: 2021-07-13T11:02:47
Reserved: 2018-01-02T00:00:00
Link: CVE-2018-4840
JSON object: View
NVD Information
Status : Modified
Published: 2018-03-08T17:29:00.307
Modified: 2021-07-13T12:15:09.093
Link: CVE-2018-4840
JSON object: View
Redhat Information
No data.
CWE