Details of VAR-201803-2156

ID

VAR-201803-2156

CVE

CVE-2018-4839

TITLE

plural Siemens Authorization vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-002720

DESCRIPTION

A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions < V4.70), SIPROTEC 4 7SJ61 (All versions < V4.96), SIPROTEC 4 7SJ62 (All versions < V4.96), SIPROTEC 4 7SJ64 (All versions < V4.96), SIPROTEC 4 7SJ66 (All versions < V4.30), SIPROTEC Compact 7SJ80 (All versions < V4.77), SIPROTEC Compact 7SK80 (All versions < V4.77). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords. plural Siemens The product contains an authorization vulnerability.Information may be obtained. Siemens DIGSI and others are products of Siemens AG. The Siemens DIGSI is a configuration operating software for the microcomputer protection. EN100 Ethernet module The IEC 61850 variant is an Ethernet module product. Security vulnerabilities exist in several Siemens products. An attacker could exploit the vulnerability to re-establish an access authorization password

Trust: 2.7

sources: NVD: CVE-2018-4839 // JVNDB: JVNDB-2018-002720 // CNVD: CNVD-2018-05196 // BID: 107481 // IVD: e2e5e9a1-39ab-11e9-9407-000c29342cb1 // VULHUB: VHN-134870

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2e5e9a1-39ab-11e9-9407-000c29342cb1 // CNVD: CNVD-2018-05196

AFFECTED PRODUCTS

vendor:	siemens	model:	siprotec compact 7sk80	scope:	lt	version:	4.77	Trust: 1.8
vendor:	siemens	model:	siprotec compact 7sj80	scope:	lt	version:	4.77	Trust: 1.8
vendor:	siemens	model:	en100 ethernet module dnp3	scope:	eq	version:	-	Trust: 1.6
vendor:	siemens	model:	en100 ethernet module modbus tcp	scope:	eq	version:	-	Trust: 1.6
vendor:	siemens	model:	en100 ethernet module profinet io	scope:	eq	version:	-	Trust: 1.6
vendor:	siemens	model:	en100 ethernet module iec 104	scope:	eq	version:	-	Trust: 1.6
vendor:	siemens	model:	siprotec compact 7sk80	scope:	-	version:	-	Trust: 1.1
vendor:	siemens	model:	siprotec compact 7sj80	scope:	-	version:	-	Trust: 1.1
vendor:	siemens	model:	digsi 4	scope:	lt	version:	4.92	Trust: 1.0
vendor:	siemens	model:	en100 ethernet module iec 61850	scope:	lt	version:	4.30	Trust: 1.0
vendor:	siemens	model:	siprotec 4 7sj66	scope:	lt	version:	4.30	Trust: 1.0
vendor:	siemens	model:	digsi	scope:	lt	version:	44.92	Trust: 0.8
vendor:	siemens	model:	en100 ethernet module iec variant	scope:	eq	version:	61850<4.30	Trust: 0.8
vendor:	siemens	model:	siprotec compact 7sj66	scope:	lt	version:	4.30	Trust: 0.8
vendor:	siemens	model:	digsi 4	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	en100 ethernet module dnp3	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	en100 ethernet module iec 104	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	en100 ethernet module iec 61850	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	en100 ethernet module modbus tcp	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	en100 ethernet module profinet io	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	siprotec 4 7sj66	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	en100 ethernet module profinet io variant	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	en100 ethernet module modbus tcp variant	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	en100 ethernet module dnp3 variant	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	en100 ethernet module iec variant	scope:	eq	version:	104	Trust: 0.6
vendor:	siemens	model:	siprotec compact	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	siprotec 7sj66	scope:	eq	version:	4	Trust: 0.3
vendor:	siemens	model:	siprotec 7sj64	scope:	eq	version:	4	Trust: 0.3
vendor:	siemens	model:	siprotec 7sj62	scope:	eq	version:	4	Trust: 0.3
vendor:	siemens	model:	siprotec 7sj61	scope:	eq	version:	4	Trust: 0.3
vendor:	siemens	model:	siprotec 7sd80	scope:	eq	version:	4	Trust: 0.3
vendor:	siemens	model:	siprotec	scope:	eq	version:	40	Trust: 0.3
vendor:	siemens	model:	en100 ethernet module profinet io	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	en100 ethernet module modbus tcp	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	en100 ethernet module iec	scope:	eq	version:	618500	Trust: 0.3
vendor:	siemens	model:	en100 ethernet module iec	scope:	eq	version:	1040	Trust: 0.3
vendor:	siemens	model:	en100 ethernet module dnp3	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	digsi	scope:	eq	version:	40	Trust: 0.3
vendor:	siemens	model:	siprotec compact 7sk80	scope:	ne	version:	4.77	Trust: 0.3
vendor:	siemens	model:	siprotec compact 7sj80	scope:	ne	version:	4.77	Trust: 0.3
vendor:	siemens	model:	siprotec 7sj66	scope:	ne	version:	44.30	Trust: 0.3
vendor:	siemens	model:	siprotec 7sj64	scope:	ne	version:	44.96	Trust: 0.3
vendor:	siemens	model:	siprotec 7sj61	scope:	ne	version:	44.96	Trust: 0.3
vendor:	siemens	model:	siprotec 7sd80	scope:	ne	version:	44.70	Trust: 0.3
vendor:	siemens	model:	en100 ethernet module iec	scope:	ne	version:	618504.30	Trust: 0.3
vendor:	siemens	model:	en100 ethernet module dnp3	scope:	ne	version:	4.30	Trust: 0.3
vendor:	siemens	model:	digsi	scope:	ne	version:	44.92	Trust: 0.3
vendor:	siemens	model:	en100 ethernet module profinet io variant	scope:	eq	version:	*	Trust: 0.2
vendor:	siemens	model:	en100 ethernet module modbus tcp variant	scope:	eq	version:	*	Trust: 0.2
vendor:	siemens	model:	en100 ethernet module dnp3 variant	scope:	eq	version:	*	Trust: 0.2
vendor:	siemens	model:	en100 ethernet module iec variant	scope:	eq	version:	104*	Trust: 0.2

sources: IVD: e2e5e9a1-39ab-11e9-9407-000c29342cb1 // CNVD: CNVD-2018-05196 // BID: 107481 // JVNDB: JVNDB-2018-002720 // CNNVD: CNNVD-201803-229 // NVD: CVE-2018-4839

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4839
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-4839
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-05196
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201803-229
value:	MEDIUM
Trust: 0.6
IVD:	e2e5e9a1-39ab-11e9-9407-000c29342cb1
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-134870
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-4839
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-05196
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2e5e9a1-39ab-11e9-9407-000c29342cb1
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-134870
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-4839
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.6
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: IVD: e2e5e9a1-39ab-11e9-9407-000c29342cb1 // CNVD: CNVD-2018-05196 // VULHUB: VHN-134870 // JVNDB: JVNDB-2018-002720 // CNNVD: CNNVD-201803-229 // NVD: CVE-2018-4839

PROBLEMTYPE DATA

problemtype:	CWE-326	Trust: 1.1
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-285	Trust: 0.9

sources: VULHUB: VHN-134870 // JVNDB: JVNDB-2018-002720 // NVD: CVE-2018-4839

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-229

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201803-229

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002720

PATCH

title:	SSA-203306	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf	Trust: 0.8
title:	Patches for unidentified vulnerabilities in various Siemens products	url:	https://www.cnvd.org.cn/patchInfo/show/121391	Trust: 0.6
title:	Multiple Siemens Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78965	Trust: 0.6

sources: CNVD: CNVD-2018-05196 // JVNDB: JVNDB-2018-002720 // CNNVD: CNNVD-201803-229

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4839	Trust: 3.6
db:	ICS CERT	id:	ICSA-18-067-01	Trust: 3.0
db:	SIEMENS	id:	SSA-203306	Trust: 2.0
db:	CNVD	id:	CNVD-2018-05196	Trust: 0.8
db:	CNNVD	id:	CNNVD-201803-229	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-002720	Trust: 0.8
db:	BID	id:	107481	Trust: 0.3
db:	IVD	id:	E2E5E9A1-39AB-11E9-9407-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-134870	Trust: 0.1

sources: IVD: e2e5e9a1-39ab-11e9-9407-000c29342cb1 // CNVD: CNVD-2018-05196 // VULHUB: VHN-134870 // BID: 107481 // JVNDB: JVNDB-2018-002720 // CNNVD: CNNVD-201803-229 // NVD: CVE-2018-4839

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-067-01	Trust: 3.0
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4839	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4839	Trust: 0.8
url:	http://w3.siemens.com/smartgrid/global/en/products-systems-solutions/protection/siprotec4/pages/overview.aspx	Trust: 0.3
url:	http://w3.siemens.com/smartgrid/global/en/products-systems-solutions/protection/siprotec-compact/pages/overview.aspx	Trust: 0.3
url:	http://subscriber.communications.siemens.com/	Trust: 0.3

sources: CNVD: CNVD-2018-05196 // VULHUB: VHN-134870 // BID: 107481 // JVNDB: JVNDB-2018-002720 // CNNVD: CNNVD-201803-229 // NVD: CVE-2018-4839

CREDITS

Ilya Karpov and Dmitry Sklyarov from Positive Technologies.

Trust: 0.3

sources: BID: 107481

SOURCES

db:	IVD	id:	e2e5e9a1-39ab-11e9-9407-000c29342cb1
db:	CNVD	id:	CNVD-2018-05196
db:	VULHUB	id:	VHN-134870
db:	BID	id:	107481
db:	JVNDB	id:	JVNDB-2018-002720
db:	CNNVD	id:	CNNVD-201803-229
db:	NVD	id:	CVE-2018-4839

LAST UPDATE DATE

2024-11-23T22:45:24.544000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-05196	date:	2018-03-14T00:00:00
db:	VULHUB	id:	VHN-134870	date:	2021-07-13T00:00:00
db:	BID	id:	107481	date:	2018-03-08T00:00:00
db:	JVNDB	id:	JVNDB-2018-002720	date:	2018-04-26T00:00:00
db:	CNNVD	id:	CNNVD-201803-229	date:	2021-07-14T00:00:00
db:	NVD	id:	CVE-2018-4839	date:	2024-11-21T04:07:33.527

SOURCES RELEASE DATE

db:	IVD	id:	e2e5e9a1-39ab-11e9-9407-000c29342cb1	date:	2018-03-14T00:00:00
db:	CNVD	id:	CNVD-2018-05196	date:	2018-03-13T00:00:00
db:	VULHUB	id:	VHN-134870	date:	2018-03-08T00:00:00
db:	BID	id:	107481	date:	2018-03-08T00:00:00
db:	JVNDB	id:	JVNDB-2018-002720	date:	2018-04-26T00:00:00
db:	CNNVD	id:	CNNVD-201803-229	date:	2018-03-09T00:00:00
db:	NVD	id:	CVE-2018-4839	date:	2018-03-08T17:29:00.257