ID

VAR-201609-0491


CVE

CVE-2016-7112


TITLE

Siemens SIPROTEC 4 and SIPROTEC Compact For devices EN100 Ethernet Vulnerabilities that prevent authentication in modules

Trust: 0.8

sources: JVNDB: JVNDB-2016-004537

DESCRIPTION

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Attackers with network access to the device's web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations. Siemens SIPROTEC 4 and SIPROTEC Compact For devices EN100 Ethernet The module contains a vulnerability that prevents authentication and gains administrative access.Unspecified by a third party HTTP Via traffic, authentication may be bypassed and administrative access may be gained. SIPROTEC 4 and SIPROTEC Compact devices offer a wide range of centralized protection, control and automation functions for substations and other applications. This may aid in further attacks. EN100 Ethernet Modules for Reyrolle is prone to the following security vulnerabilities: : 1. Multiple information-disclosure vulnerabilities 2. A denial-of-service vulnerability 3. Multiple authentication-bypass vulnerabilities An attacker may leverage these issues to disclose sensitive information, perform certain unauthorized actions actions, gain unauthorized access, or bypass certain security restrictions and cause a denial-of-service condition. Both Siemens SIPROTEC 4 and SIPROTEC Compact are products of Siemens, Germany. Siemens SIPROTEC 4 is a series of multifunctional relays with a friendly man-machine interface. SIPROTEC Compact is a microcomputer protection device

Trust: 2.97

sources: NVD: CVE-2016-7112 // JVNDB: JVNDB-2016-004537 // CNVD: CNVD-2016-07252 // BID: 92747 // BID: 99471 // IVD: 1307e109-ec55-4a56-8c42-5bdb6d92daa3 // VULHUB: VHN-95932

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 1307e109-ec55-4a56-8c42-5bdb6d92daa3 // CNVD: CNVD-2016-07252

AFFECTED PRODUCTS

vendor:siemensmodel:en100 ethernet modulescope:lteversion:4.28

Trust: 1.0

vendor:siemensmodel:en100 modulescope: - version: -

Trust: 0.8

vendor:siemensmodel:en100 modulescope:ltversion:4.29

Trust: 0.8

vendor:siemensmodel:siprotec compact <en100 ethernetscope:eqversion:4.29

Trust: 0.6

vendor:siemensmodel:siprotec <en100 ethernetscope:eqversion:44.29

Trust: 0.6

vendor:siemensmodel:en100 ethernet modulescope:eqversion:4.28

Trust: 0.6

vendor:siemensmodel:siprotec compactscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:siprotec 7ut686scope:eqversion:0

Trust: 0.3

vendor:siemensmodel:siprotec 7sj686scope:eqversion:0

Trust: 0.3

vendor:siemensmodel:siprotec 7sj66scope:eqversion:0

Trust: 0.3

vendor:siemensmodel:siprotec 7sd686scope:eqversion:0

Trust: 0.3

vendor:siemensmodel:siprotecscope:eqversion:40

Trust: 0.3

vendor:siemensmodel:profinet ioscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:modbus tcpscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:iecscope:eqversion:1040

Trust: 0.3

vendor:siemensmodel:en100 ethernet modulescope:eqversion:0

Trust: 0.3

vendor:siemensmodel:en100scope:eqversion:4.20

Trust: 0.3

vendor:siemensmodel:dnp3 tcpscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:profinet ioscope:neversion:1.4.1

Trust: 0.3

vendor:siemensmodel:en100scope:neversion:4.29.1

Trust: 0.3

vendor:siemensmodel:en100scope:neversion:4.29

Trust: 0.3

vendor:siemensmodel:reyrollescope:eqversion:0

Trust: 0.3

vendor:siemensmodel:en100 ethernet modulescope:eqversion:4.29

Trust: 0.3

vendor:siemensmodel:en100 ethernet modulescope:eqversion:4.20

Trust: 0.3

vendor:siemensmodel:en100 ethernet modulescope:neversion:4.29.1

Trust: 0.3

vendor:en100 ethernet modulemodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 1307e109-ec55-4a56-8c42-5bdb6d92daa3 // CNVD: CNVD-2016-07252 // BID: 92747 // BID: 99471 // JVNDB: JVNDB-2016-004537 // CNNVD: CNNVD-201609-040 // NVD: CVE-2016-7112

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-7112
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-7112
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2016-07252
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201609-040
value: CRITICAL

Trust: 0.6

IVD: 1307e109-ec55-4a56-8c42-5bdb6d92daa3
value: CRITICAL

Trust: 0.2

VULHUB: VHN-95932
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-7112
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-07252
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 1307e109-ec55-4a56-8c42-5bdb6d92daa3
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-95932
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-7112
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 1307e109-ec55-4a56-8c42-5bdb6d92daa3 // CNVD: CNVD-2016-07252 // VULHUB: VHN-95932 // JVNDB: JVNDB-2016-004537 // CNNVD: CNNVD-201609-040 // NVD: CVE-2016-7112

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-95932 // JVNDB: JVNDB-2016-004537 // NVD: CVE-2016-7112

THREAT TYPE

network

Trust: 0.6

sources: BID: 92747 // BID: 99471

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201609-040

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004537

PATCH

title:SSA-630413url:http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf

Trust: 0.8

title:Patch for Siemens SIPROTEC 4/SIPROTEC Compact Authentication Bypass Vulnerability (CNVD-2016-07252)url:https://www.cnvd.org.cn/patchInfo/show/81145

Trust: 0.6

title:Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Repair measures for module security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63877

Trust: 0.6

sources: CNVD: CNVD-2016-07252 // JVNDB: JVNDB-2016-004537 // CNNVD: CNNVD-201609-040

EXTERNAL IDS

db:NVDid:CVE-2016-7112

Trust: 3.9

db:SIEMENSid:SSA-630413

Trust: 2.6

db:ICS CERTid:ICSA-17-187-03

Trust: 2.2

db:BIDid:92747

Trust: 2.0

db:BIDid:99471

Trust: 1.4

db:SIEMENSid:SSA-323211

Trust: 1.1

db:ICS CERTid:ICSA-16-250-01

Trust: 1.1

db:CNNVDid:CNNVD-201609-040

Trust: 0.9

db:CNVDid:CNVD-2016-07252

Trust: 0.8

db:ICS CERTid:ICSA-17-334-01

Trust: 0.8

db:JVNDBid:JVNDB-2016-004537

Trust: 0.8

db:ICS CERTid:ICSA-17-187-02

Trust: 0.6

db:NSFOCUSid:34720

Trust: 0.6

db:IVDid:1307E109-EC55-4A56-8C42-5BDB6D92DAA3

Trust: 0.2

db:VULHUBid:VHN-95932

Trust: 0.1

sources: IVD: 1307e109-ec55-4a56-8c42-5bdb6d92daa3 // CNVD: CNVD-2016-07252 // VULHUB: VHN-95932 // BID: 92747 // BID: 99471 // JVNDB: JVNDB-2016-004537 // CNNVD: CNNVD-201609-040 // NVD: CVE-2016-7112

REFERENCES

url:http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf

Trust: 2.6

url:https://ics-cert.us-cert.gov/advisories/icsa-17-187-03

Trust: 2.2

url:http://www.securityfocus.com/bid/92747

Trust: 1.7

url:http://www.securityfocus.com/bid/99471

Trust: 1.1

url:https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-323211.pdf

Trust: 1.1

url:https://ics-cert.us-cert.gov/advisories/icsa-16-250-01

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7112

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-17-334-01

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7112

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-17-187-02

Trust: 0.6

url:http://www.nsfocus.net/vulndb/34720

Trust: 0.6

url:http://www.siemens.com/

Trust: 0.3

url:http://subscriber.communications.siemens.com/

Trust: 0.3

sources: CNVD: CNVD-2016-07252 // VULHUB: VHN-95932 // BID: 92747 // BID: 99471 // JVNDB: JVNDB-2016-004537 // CNNVD: CNNVD-201609-040 // NVD: CVE-2016-7112

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 92747

SOURCES

db:IVDid:1307e109-ec55-4a56-8c42-5bdb6d92daa3
db:CNVDid:CNVD-2016-07252
db:VULHUBid:VHN-95932
db:BIDid:92747
db:BIDid:99471
db:JVNDBid:JVNDB-2016-004537
db:CNNVDid:CNNVD-201609-040
db:NVDid:CVE-2016-7112

LAST UPDATE DATE

2024-11-23T22:13:28.712000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2016-07252date:2016-09-07T00:00:00
db:VULHUBid:VHN-95932date:2018-03-23T00:00:00
db:BIDid:92747date:2017-07-11T12:06:00
db:BIDid:99471date:2017-07-06T00:00:00
db:JVNDBid:JVNDB-2016-004537date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201609-040date:2016-09-06T00:00:00
db:NVDid:CVE-2016-7112date:2024-11-21T02:57:29.247

SOURCES RELEASE DATE

db:IVDid:1307e109-ec55-4a56-8c42-5bdb6d92daa3date:2016-09-06T00:00:00
db:CNVDid:CNVD-2016-07252date:2016-09-06T00:00:00
db:VULHUBid:VHN-95932date:2016-09-06T00:00:00
db:BIDid:92747date:2016-09-05T00:00:00
db:BIDid:99471date:2017-07-06T00:00:00
db:JVNDBid:JVNDB-2016-004537date:2016-09-07T00:00:00
db:CNNVDid:CNNVD-201609-040date:2016-09-06T00:00:00
db:NVDid:CVE-2016-7112date:2016-09-06T00:59:00.117