Details of VAR-201609-0492

ID

VAR-201609-0492

CVE

CVE-2016-7113

TITLE

Siemens SIPROTEC 4/SIPROTEC Compact Denial of service vulnerability

Trust: 0.8

sources: IVD: 8829001c-06ef-4f0d-a415-c3cc2278fa17 // CNVD: CNVD-2016-07253

DESCRIPTION

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Specially crafted packets sent to port 80/tcp could cause the affected device to go into defect mode. Siemens SIPROTEC 4 and SIPROTEC Compact For devices EN100 Ethernet Module contains service disruption ( Transition to defect mode (defect-mode transition)) There are vulnerabilities that are put into a state.Skillfully crafted by a third party HTTP Service disruption via packets ( Transition to defect mode (defect-mode transition)) There is a possibility of being put into a state. SIPROTEC 4 and SIPROTEC Compact devices offer a wide range of centralized protection, control and automation functions for substations and other applications. Siemens SIPROTEC 4, SIPROTEC Compact, a denial of service vulnerability exists in versions prior to EN100 Ethernet 4.29. A remote attacker can cause a denial of service by constructing an HTTP packet. An attacker can exploit this issue to cause denial-of-service conditions. EN100 Ethernet Modules for Reyrolle is prone to the following security vulnerabilities: : 1. Multiple information-disclosure vulnerabilities 2. A denial-of-service vulnerability 3. Multiple authentication-bypass vulnerabilities An attacker may leverage these issues to disclose sensitive information, perform certain unauthorized actions actions, gain unauthorized access, or bypass certain security restrictions and cause a denial-of-service condition. Both Siemens SIPROTEC 4 and SIPROTEC Compact are products of Siemens, Germany. Siemens SIPROTEC 4 is a series of multifunctional relays with a friendly man-machine interface. SIPROTEC Compact is a microcomputer protection device

Trust: 2.97

sources: NVD: CVE-2016-7113 // JVNDB: JVNDB-2016-004538 // CNVD: CNVD-2016-07253 // BID: 92748 // BID: 99471 // IVD: 8829001c-06ef-4f0d-a415-c3cc2278fa17 // VULHUB: VHN-95933

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 8829001c-06ef-4f0d-a415-c3cc2278fa17 // CNVD: CNVD-2016-07253

AFFECTED PRODUCTS

vendor:	siemens	model:	en100 ethernet module	scope:	eq	version:	4.28	Trust: 1.6
vendor:	siemens	model:	en100 module	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	en100 module	scope:	lt	version:	4.29	Trust: 0.8
vendor:	siemens	model:	siprotec compact <en100 ethernet	scope:	eq	version:	4.29	Trust: 0.6
vendor:	siemens	model:	siprotec <en100 ethernet	scope:	eq	version:	44.29	Trust: 0.6
vendor:	siemens	model:	reyrolle	scope:	eq	version:	0	Trust: 0.6
vendor:	siemens	model:	softnet profinet io	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	siprotec compact	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	siprotec 7ut686	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	siprotec 7sj686	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	siprotec 7sj66	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	siprotec 7sd686	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	siprotec	scope:	eq	version:	40	Trust: 0.3
vendor:	siemens	model:	modbus tcp	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	iec	scope:	eq	version:	1040	Trust: 0.3
vendor:	siemens	model:	en100 ethernet module	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	en100	scope:	eq	version:	4.20	Trust: 0.3
vendor:	siemens	model:	dnp3 tcp	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	profinet io	scope:	ne	version:	1.4.1	Trust: 0.3
vendor:	siemens	model:	en100	scope:	ne	version:	4.29.1	Trust: 0.3
vendor:	siemens	model:	en100	scope:	ne	version:	4.29	Trust: 0.3
vendor:	siemens	model:	en100 ethernet module	scope:	eq	version:	4.29	Trust: 0.3
vendor:	siemens	model:	en100 ethernet module	scope:	eq	version:	4.20	Trust: 0.3
vendor:	siemens	model:	en100 ethernet module	scope:	ne	version:	4.29.1	Trust: 0.3
vendor:	en100 ethernet module	model:	-	scope:	eq	version:	4.28	Trust: 0.2

sources: IVD: 8829001c-06ef-4f0d-a415-c3cc2278fa17 // CNVD: CNVD-2016-07253 // BID: 92748 // BID: 99471 // JVNDB: JVNDB-2016-004538 // CNNVD: CNNVD-201609-041 // NVD: CVE-2016-7113

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-7113
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-7113
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-07253
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201609-041
value:	HIGH
Trust: 0.6
IVD:	8829001c-06ef-4f0d-a415-c3cc2278fa17
value:	HIGH
Trust: 0.2
VULHUB:	VHN-95933
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-7113
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-07253
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	8829001c-06ef-4f0d-a415-c3cc2278fa17
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-95933
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-7113
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: IVD: 8829001c-06ef-4f0d-a415-c3cc2278fa17 // CNVD: CNVD-2016-07253 // VULHUB: VHN-95933 // JVNDB: JVNDB-2016-004538 // CNNVD: CNNVD-201609-041 // NVD: CVE-2016-7113

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-95933 // JVNDB: JVNDB-2016-004538 // NVD: CVE-2016-7113

THREAT TYPE

network

Trust: 0.6

sources: BID: 92748 // BID: 99471

TYPE

Resource management error

Trust: 0.8

sources: IVD: 8829001c-06ef-4f0d-a415-c3cc2278fa17 // CNNVD: CNNVD-201609-041

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004538

PATCH

title:	SSA-630413	url:	http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf	Trust: 0.8
title:	Siemens SIPROTEC 4/SIPROTEC Compact denial of service vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/81147	Trust: 0.6
title:	Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Repair measures for module security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63878	Trust: 0.6

sources: CNVD: CNVD-2016-07253 // JVNDB: JVNDB-2016-004538 // CNNVD: CNNVD-201609-041

EXTERNAL IDS

db:	NVD	id:	CVE-2016-7113	Trust: 3.9
db:	SIEMENS	id:	SSA-630413	Trust: 2.6
db:	ICS CERT	id:	ICSA-17-187-03	Trust: 2.2
db:	BID	id:	92748	Trust: 2.0
db:	BID	id:	99471	Trust: 1.4
db:	SIEMENS	id:	SSA-323211	Trust: 1.1
db:	ICS CERT	id:	ICSA-16-250-01	Trust: 1.1
db:	CNNVD	id:	CNNVD-201609-041	Trust: 0.9
db:	CNVD	id:	CNVD-2016-07253	Trust: 0.8
db:	ICS CERT	id:	ICSA-17-334-01	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-004538	Trust: 0.8
db:	ICS CERT	id:	ICSA-17-187-02	Trust: 0.6
db:	NSFOCUS	id:	34719	Trust: 0.6
db:	IVD	id:	8829001C-06EF-4F0D-A415-C3CC2278FA17	Trust: 0.2
db:	VULHUB	id:	VHN-95933	Trust: 0.1

sources: IVD: 8829001c-06ef-4f0d-a415-c3cc2278fa17 // CNVD: CNVD-2016-07253 // VULHUB: VHN-95933 // BID: 92748 // BID: 99471 // JVNDB: JVNDB-2016-004538 // CNNVD: CNNVD-201609-041 // NVD: CVE-2016-7113

REFERENCES

url:	http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf	Trust: 2.6
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-187-03	Trust: 2.2
url:	http://www.securityfocus.com/bid/92748	Trust: 1.7
url:	http://www.securityfocus.com/bid/99471	Trust: 1.1
url:	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-323211.pdf	Trust: 1.1
url:	https://ics-cert.us-cert.gov/advisories/icsa-16-250-01	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7113	Trust: 0.8
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-334-01	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7113	Trust: 0.8
url:	https://ics-cert.us-cert.gov/advisories/icsa-17-187-02	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/34719	Trust: 0.6
url:	http://www.siemens.com/	Trust: 0.3
url:	http://subscriber.communications.siemens.com/	Trust: 0.3

sources: CNVD: CNVD-2016-07253 // VULHUB: VHN-95933 // BID: 92748 // BID: 99471 // JVNDB: JVNDB-2016-004538 // CNNVD: CNNVD-201609-041 // NVD: CVE-2016-7113

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 92748

SOURCES

db:	IVD	id:	8829001c-06ef-4f0d-a415-c3cc2278fa17
db:	CNVD	id:	CNVD-2016-07253
db:	VULHUB	id:	VHN-95933
db:	BID	id:	92748
db:	BID	id:	99471
db:	JVNDB	id:	JVNDB-2016-004538
db:	CNNVD	id:	CNNVD-201609-041
db:	NVD	id:	CVE-2016-7113

LAST UPDATE DATE

2024-11-23T22:13:28.517000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-07253	date:	2016-09-07T00:00:00
db:	VULHUB	id:	VHN-95933	date:	2018-03-23T00:00:00
db:	BID	id:	92748	date:	2017-07-11T12:06:00
db:	BID	id:	99471	date:	2017-07-06T00:00:00
db:	JVNDB	id:	JVNDB-2016-004538	date:	2017-12-20T00:00:00
db:	CNNVD	id:	CNNVD-201609-041	date:	2016-09-06T00:00:00
db:	NVD	id:	CVE-2016-7113	date:	2024-11-21T02:57:29.400

SOURCES RELEASE DATE

db:	IVD	id:	8829001c-06ef-4f0d-a415-c3cc2278fa17	date:	2016-09-06T00:00:00
db:	CNVD	id:	CNVD-2016-07253	date:	2016-09-06T00:00:00
db:	VULHUB	id:	VHN-95933	date:	2016-09-06T00:00:00
db:	BID	id:	92748	date:	2016-09-05T00:00:00
db:	BID	id:	99471	date:	2017-07-06T00:00:00
db:	JVNDB	id:	JVNDB-2016-004538	date:	2016-09-07T00:00:00
db:	CNNVD	id:	CNNVD-201609-041	date:	2016-09-06T00:00:00
db:	NVD	id:	CVE-2016-7113	date:	2016-09-06T00:59:01.883