Details of VAR-201803-2155

ID

VAR-201803-2155

CVE

CVE-2018-4838

TITLE

plural Siemens Access control vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-002719

DESCRIPTION

A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions < V1.22). The web interface (TCP/80) of affected devices allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities. plural Siemens The product contains an access control vulnerability.Information may be tampered with. SIPROTEC 4, SIPROTEC Compact and Reyrolle equipment offer a wide range of centralized protection, control and automation functions for substations and other applications. Multiple Siemens EN100 Ethernet Modules are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism. This may aid in further attacks. A security vulnerability exists in the web interface (TCP/80) in several Siemens products

Trust: 2.7

sources: NVD: CVE-2018-4838 // JVNDB: JVNDB-2018-002719 // CNVD: CNVD-2018-04834 // BID: 103379 // IVD: e2e52650-39ab-11e9-ad8d-000c29342cb1 // VULHUB: VHN-134869

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2e52650-39ab-11e9-ad8d-000c29342cb1 // CNVD: CNVD-2018-04834

AFFECTED PRODUCTS

vendor:	siemens	model:	en100 ethernet module dnp3	scope:	eq	version:	-	Trust: 1.6
vendor:	siemens	model:	en100 ethernet module modbus tcp	scope:	eq	version:	-	Trust: 1.6
vendor:	siemens	model:	en100 ethernet module profinet io	scope:	eq	version:	-	Trust: 1.6
vendor:	siemens	model:	en100 ethernet module iec 104	scope:	eq	version:	-	Trust: 1.6
vendor:	siemens	model:	en100 ethernet module iec 61850	scope:	lt	version:	4.30	Trust: 1.0
vendor:	siemens	model:	en100 ethernet module dnp3	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	en100 ethernet module iec 104	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	en100 ethernet module iec 61850	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	en100 ethernet module modbus tcp	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	en100 ethernet module profinet io	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	iec	scope:	eq	version:	61850<v4.30	Trust: 0.6
vendor:	siemens	model:	profinet io	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	modbus tcp	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	dnp3	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	iec	scope:	eq	version:	104	Trust: 0.6
vendor:	siemens	model:	siprotec compact	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	siprotec	scope:	eq	version:	40	Trust: 0.3
vendor:	siemens	model:	reyrolle	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	en100 ethernet module profinet io	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	en100 ethernet module modbus tcp	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	en100 ethernet module iec	scope:	eq	version:	618500	Trust: 0.3
vendor:	siemens	model:	en100 ethernet module iec	scope:	eq	version:	1040	Trust: 0.3
vendor:	siemens	model:	en100 ethernet module dnp3	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	en100 ethernet module iec	scope:	ne	version:	618504.30	Trust: 0.3
vendor:	siemens	model:	iec siemens profinet io siemens modbus tcp siemens dnp3 *siemens iec	scope:	eq	version:	61850104	Trust: 0.2

sources: IVD: e2e52650-39ab-11e9-ad8d-000c29342cb1 // CNVD: CNVD-2018-04834 // BID: 103379 // JVNDB: JVNDB-2018-002719 // CNNVD: CNNVD-201803-230 // NVD: CVE-2018-4838

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4838
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-4838
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-04834
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201803-230
value:	HIGH
Trust: 0.6
IVD:	e2e52650-39ab-11e9-ad8d-000c29342cb1
value:	HIGH
Trust: 0.2
VULHUB:	VHN-134869
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-4838
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-04834
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2e52650-39ab-11e9-ad8d-000c29342cb1
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-134869
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4838
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: IVD: e2e52650-39ab-11e9-ad8d-000c29342cb1 // CNVD: CNVD-2018-04834 // VULHUB: VHN-134869 // JVNDB: JVNDB-2018-002719 // CNNVD: CNNVD-201803-230 // NVD: CVE-2018-4838

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.1
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-134869 // JVNDB: JVNDB-2018-002719 // NVD: CVE-2018-4838

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-230

TYPE

Access control error

Trust: 0.8

sources: IVD: e2e52650-39ab-11e9-ad8d-000c29342cb1 // CNNVD: CNNVD-201803-230

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002719

PATCH

title:	SSA-845879	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf	Trust: 0.8
title:	Patches for unauthorized operating vulnerabilities in multiple Siemens products	url:	https://www.cnvd.org.cn/patchInfo/show/120859	Trust: 0.6
title:	Multiple Siemens Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78966	Trust: 0.6

sources: CNVD: CNVD-2018-04834 // JVNDB: JVNDB-2018-002719 // CNNVD: CNNVD-201803-230

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4838	Trust: 3.6
db:	BID	id:	103379	Trust: 2.0
db:	SIEMENS	id:	SSA-845879	Trust: 2.0
db:	ICS CERT	id:	ICSA-18-067-02	Trust: 1.7
db:	ICS CERT	id:	ICSA-18-067-01	Trust: 1.6
db:	CNNVD	id:	CNNVD-201803-230	Trust: 0.9
db:	CNVD	id:	CNVD-2018-04834	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-002719	Trust: 0.8
db:	IVD	id:	E2E52650-39AB-11E9-AD8D-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-134869	Trust: 0.1

sources: IVD: e2e52650-39ab-11e9-ad8d-000c29342cb1 // CNVD: CNVD-2018-04834 // VULHUB: VHN-134869 // BID: 103379 // JVNDB: JVNDB-2018-002719 // CNNVD: CNNVD-201803-230 // NVD: CVE-2018-4838

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-845879.pdf	Trust: 2.0
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-067-02	Trust: 1.7
url:	https://www.securityfocus.com/bid/103379	Trust: 1.7
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-067-01	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4838	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4838	Trust: 0.8
url:	http://www.siemens.com/	Trust: 0.3

sources: CNVD: CNVD-2018-04834 // VULHUB: VHN-134869 // BID: 103379 // JVNDB: JVNDB-2018-002719 // CNNVD: CNNVD-201803-230 // NVD: CVE-2018-4838

CREDITS

Ilya Karpov and Alexey Stennikov from Positive Technologies

Trust: 0.3

sources: BID: 103379

SOURCES

db:	IVD	id:	e2e52650-39ab-11e9-ad8d-000c29342cb1
db:	CNVD	id:	CNVD-2018-04834
db:	VULHUB	id:	VHN-134869
db:	BID	id:	103379
db:	JVNDB	id:	JVNDB-2018-002719
db:	CNNVD	id:	CNNVD-201803-230
db:	NVD	id:	CVE-2018-4838

LAST UPDATE DATE

2024-11-23T22:45:24.584000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-04834	date:	2018-03-09T00:00:00
db:	VULHUB	id:	VHN-134869	date:	2019-10-03T00:00:00
db:	BID	id:	103379	date:	2018-03-08T00:00:00
db:	JVNDB	id:	JVNDB-2018-002719	date:	2018-04-26T00:00:00
db:	CNNVD	id:	CNNVD-201803-230	date:	2019-10-08T00:00:00
db:	NVD	id:	CVE-2018-4838	date:	2024-11-21T04:07:33.400

SOURCES RELEASE DATE

db:	IVD	id:	e2e52650-39ab-11e9-ad8d-000c29342cb1	date:	2018-03-09T00:00:00
db:	CNVD	id:	CNVD-2018-04834	date:	2018-03-09T00:00:00
db:	VULHUB	id:	VHN-134869	date:	2018-03-08T00:00:00
db:	BID	id:	103379	date:	2018-03-08T00:00:00
db:	JVNDB	id:	JVNDB-2018-002719	date:	2018-04-26T00:00:00
db:	CNNVD	id:	CNNVD-201803-230	date:	2018-03-09T00:00:00
db:	NVD	id:	CVE-2018-4838	date:	2018-03-08T17:29:00.210