ID

VAR-201609-0493


CVE

CVE-2016-7114


TITLE

Siemens SIPROTEC 4/SIPROTEC Compact Authentication Bypass Vulnerability

Trust: 0.8

sources: IVD: 6587e038-6394-4a4e-a365-44f992122a59 // CNVD: CNVD-2016-07251

DESCRIPTION

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module: All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module: All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module: All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module: All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80: All versions < 1.02.02; SIPROTEC 7SJ686: All versions < V 4.87; SIPROTEC 7UT686: All versions < V 4.02; SIPROTEC 7SD686: All versions < V 4.05; SIPROTEC 7SJ66: All versions < V 4.30. Attackers with network access to the device's web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations. A legitimate user must be logged into the web interface for the attack to be successful.

The EN100 Ethernet module for Siemens SIPROTEC 4 and SIPROTEC Compact devices contains a vulnerability that allows authentication to be bypassed and administrative access to be gained. A third party may bypass authentication and gain administrative access via unspecified HTTP traffic during an authenticated session. SIPROTEC 4 and SIPROTEC Compact devices offer a wide range of centralized protection, control and automation functions for substations and other applications. This may aid in further attacks.

EN100 Ethernet Modules for Reyrolle are prone to the following security vulnerabilities: 1. Multiple information-disclosure vulnerabilities 2. A denial-of-service vulnerability 3. Multiple authentication-bypass vulnerabilities. An attacker may leverage these issues to disclose sensitive information, perform certain unauthorized actions, gain unauthorized access, or bypass certain security restrictions and cause a denial-of-service condition. EN100 Ethernet Module versions prior to 4.29.01 are vulnerable.

Both Siemens SIPROTEC 4 and SIPROTEC Compact are products of Siemens, Germany. Siemens SIPROTEC 4 is a series of multifunctional relays with a friendly man-machine interface. SIPROTEC Compact is a microcomputer protection device.

Trust: 2.97

sources: NVD: CVE-2016-7114 // JVNDB: JVNDB-2016-004539 // CNVD: CNVD-2016-07251 // BID: 92745 // BID: 99471 // IVD: 6587e038-6394-4a4e-a365-44f992122a59 // VULHUB: VHN-95934

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 0.8

sources: IVD: 6587e038-6394-4a4e-a365-44f992122a59 // CNVD: CNVD-2016-07251

AFFECTED PRODUCTS

vendor: siemens // model: en100 ethernet module // scope: eq // version: 4.28

Trust: 1.6

vendor: siemens // model: en100 module // scope: - // version: -

Trust: 0.8

vendor: siemens // model: en100 module // scope: lt // version: 4.29

Trust: 0.8

vendor: siemens // model: siprotec compact <en100 ethernet // scope: eq // version: 4.29

Trust: 0.6

vendor: siemens // model: siprotec <en100 ethernet // scope: eq // version: 44.29

Trust: 0.6

vendor: siemens // model: reyrolle // scope: eq // version: 0

Trust: 0.6

vendor: siemens // model: siprotec compact // scope: eq // version: 0

Trust: 0.3

vendor: siemens // model: siprotec 7ut686 // scope: eq // version: 0

Trust: 0.3

vendor: siemens // model: siprotec 7sj686 // scope: eq // version: 0

Trust: 0.3

vendor: siemens // model: siprotec 7sj66 // scope: eq // version: 0

Trust: 0.3

vendor: siemens // model: siprotec 7sd686 // scope: eq // version: 0

Trust: 0.3

vendor: siemens // model: siprotec // scope: eq // version: 40

Trust: 0.3

vendor: siemens // model: profinet io // scope: eq // version: 0

Trust: 0.3

vendor: siemens // model: modbus tcp // scope: eq // version: 0

Trust: 0.3

vendor: siemens // model: iec // scope: eq // version: 1040

Trust: 0.3

vendor: siemens // model: en100 ethernet module // scope: eq // version: 0

Trust: 0.3

vendor: siemens // model: en100 // scope: eq // version: 4.20

Trust: 0.3

vendor: siemens // model: dnp3 tcp // scope: eq // version: 0

Trust: 0.3

vendor: siemens // model: profinet io // scope: ne // version: 1.4.1

Trust: 0.3

vendor: siemens // model: en100 // scope: ne // version: 4.29.1

Trust: 0.3

vendor: siemens // model: en100 // scope: ne // version: 4.29

Trust: 0.3

vendor: siemens // model: en100 ethernet module // scope: eq // version: 4.29

Trust: 0.3

vendor: siemens // model: en100 ethernet module // scope: eq // version: 4.20

Trust: 0.3

vendor: siemens // model: en100 ethernet module // scope: ne // version: 4.29.1

Trust: 0.3

vendor: en100 ethernet module // model: - // scope: eq // version: 4.28

Trust: 0.2

sources: IVD: 6587e038-6394-4a4e-a365-44f992122a59 // CNVD: CNVD-2016-07251 // BID: 92745 // BID: 99471 // JVNDB: JVNDB-2016-004539 // CNNVD: CNNVD-201609-042 // NVD: CVE-2016-7114

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-7114
value: HIGH

Trust: 1.0

NVD: CVE-2016-7114
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-07251
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201609-042
value: CRITICAL

Trust: 0.6

IVD: 6587e038-6394-4a4e-a365-44f992122a59
value: CRITICAL

Trust: 0.2

VULHUB: VHN-95934
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-7114
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-07251
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 6587e038-6394-4a4e-a365-44f992122a59
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-95934
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-7114
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 6587e038-6394-4a4e-a365-44f992122a59 // CNVD: CNVD-2016-07251 // VULHUB: VHN-95934 // JVNDB: JVNDB-2016-004539 // CNNVD: CNNVD-201609-042 // NVD: CVE-2016-7114

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.1

problemtype: CWE-399

Trust: 0.8

sources: VULHUB: VHN-95934 // JVNDB: JVNDB-2016-004539 // NVD: CVE-2016-7114

THREAT TYPE

network

Trust: 0.6

sources: BID: 92745 // BID: 99471

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201609-042

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004539

PATCH

title: SSA-630413 // url: http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf

Trust: 0.8

title: Siemens SIPROTEC 4/SIPROTEC Compact authentication bypass vulnerability patch // url: https://www.cnvd.org.cn/patchInfo/show/81146

Trust: 0.6

title: Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Repair measures for module security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63879

Trust: 0.6

sources: CNVD: CNVD-2016-07251 // JVNDB: JVNDB-2016-004539 // CNNVD: CNNVD-201609-042

EXTERNAL IDS

db: NVD // id: CVE-2016-7114

Trust: 3.9

db: SIEMENS // id: SSA-630413

Trust: 2.6

db: ICS CERT // id: ICSA-17-187-03

Trust: 2.2

db: BID // id: 92745

Trust: 2.0

db: BID // id: 99471

Trust: 1.4

db: SIEMENS // id: SSA-323211

Trust: 1.1

db: ICS CERT // id: ICSA-16-250-01

Trust: 1.1

db: CNNVD // id: CNNVD-201609-042

Trust: 0.9

db: CNVD // id: CNVD-2016-07251

Trust: 0.8

db: ICS CERT // id: ICSA-17-334-01

Trust: 0.8

db: JVNDB // id: JVNDB-2016-004539

Trust: 0.8

db: ICS CERT // id: ICSA-17-187-02

Trust: 0.6

db: NSFOCUS // id: 34718

Trust: 0.6

db: IVD // id: 6587E038-6394-4A4E-A365-44F992122A59

Trust: 0.2

db: VULHUB // id: VHN-95934

Trust: 0.1

sources: IVD: 6587e038-6394-4a4e-a365-44f992122a59 // CNVD: CNVD-2016-07251 // VULHUB: VHN-95934 // BID: 92745 // BID: 99471 // JVNDB: JVNDB-2016-004539 // CNNVD: CNNVD-201609-042 // NVD: CVE-2016-7114

REFERENCES

url:http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf

Trust: 2.6

url:https://ics-cert.us-cert.gov/advisories/icsa-17-187-03

Trust: 2.2

url:http://www.securityfocus.com/bid/92745

Trust: 1.7

url:http://www.securityfocus.com/bid/99471

Trust: 1.1

url:https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-323211.pdf

Trust: 1.1

url:https://ics-cert.us-cert.gov/advisories/icsa-16-250-01

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7114

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-17-334-01

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-7114

Trust: 0.8

url:https://ics-cert.us-cert.gov/advisories/icsa-17-187-02

Trust: 0.6

url:http://www.nsfocus.net/vulndb/34718

Trust: 0.6

url:http://www.siemens.com/

Trust: 0.3

url:http://subscriber.communications.siemens.com/

Trust: 0.3

sources: CNVD: CNVD-2016-07251 // VULHUB: VHN-95934 // BID: 92745 // BID: 99471 // JVNDB: JVNDB-2016-004539 // CNNVD: CNNVD-201609-042 // NVD: CVE-2016-7114

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 92745

SOURCES

db: IVD // id: 6587e038-6394-4a4e-a365-44f992122a59
db: CNVD // id: CNVD-2016-07251
db: VULHUB // id: VHN-95934
db: BID // id: 92745
db: BID // id: 99471
db: JVNDB // id: JVNDB-2016-004539
db: CNNVD // id: CNNVD-201609-042
db: NVD // id: CVE-2016-7114

LAST UPDATE DATE

2024-11-23T22:13:28.614000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2016-07251 // date: 2016-09-07T00:00:00
db: VULHUB // id: VHN-95934 // date: 2018-03-23T00:00:00
db: BID // id: 92745 // date: 2017-07-11T12:06:00
db: BID // id: 99471 // date: 2017-07-06T00:00:00
db: JVNDB // id: JVNDB-2016-004539 // date: 2017-12-20T00:00:00
db: CNNVD // id: CNNVD-201609-042 // date: 2016-09-06T00:00:00
db: NVD // id: CVE-2016-7114 // date: 2024-11-21T02:57:29.550

SOURCES RELEASE DATE

db: IVD // id: 6587e038-6394-4a4e-a365-44f992122a59 // date: 2016-09-06T00:00:00
db: CNVD // id: CNVD-2016-07251 // date: 2016-09-06T00:00:00
db: VULHUB // id: VHN-95934 // date: 2016-09-06T00:00:00
db: BID // id: 92745 // date: 2016-09-05T00:00:00
db: BID // id: 99471 // date: 2017-07-06T00:00:00
db: JVNDB // id: JVNDB-2016-004539 // date: 2016-09-07T00:00:00
db: CNNVD // id: CNNVD-201609-042 // date: 2016-09-06T00:00:00
db: NVD // id: CVE-2016-7114 // date: 2016-09-06T00:59:02.977