Details of VAR-201807-1341

ID

VAR-201807-1341

CVE

CVE-2018-11452

TITLE

Siemens EN100 Ethernet Communication Module Denial of service vulnerability

Trust: 0.8

sources: IVD: 7d8198c1-463f-11e9-8941-000c29342cb1 // CNVD: CNVD-2018-25426

DESCRIPTION

A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.33), Firmware variant PROFINET IO for EN100 Ethernet module (All versions), Firmware variant Modbus TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions < V1.22). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the EN100 communication module if oscillographs are running. A manual restart is required to recover the EN100 module functionality. Successful exploitation requires an attacker with network access to send multiple packets to the EN100 module. As a precondition the IEC 61850-MMS communication needs to be activated on the affected EN100 modules. No user interaction or privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. plural Siemens The product firmware contains an input validation vulnerability.Denial of service (DoS) May be in a state. The Siemens EN100 Ethernet Communication Module is an Ethernet module from Siemens AG. A denial of service vulnerability exists in the Siemens EN100 Ethernet Communication Module. Attackers can exploit these issues to crash the affected application or consume excess memory, denying service to legitimate users

Trust: 2.7

sources: NVD: CVE-2018-11452 // JVNDB: JVNDB-2018-008841 // CNVD: CNVD-2018-25426 // BID: 106221 // IVD: 7d8198c1-463f-11e9-8941-000c29342cb1 // VULHUB: VHN-121313

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 7d8198c1-463f-11e9-8941-000c29342cb1 // CNVD: CNVD-2018-25426

AFFECTED PRODUCTS

vendor:	siemens	model:	profinet io	scope:	eq	version:	-	Trust: 1.6
vendor:	siemens	model:	modbus tcp	scope:	eq	version:	-	Trust: 1.6
vendor:	siemens	model:	cp200	scope:	eq	version:	-	Trust: 1.6
vendor:	siemens	model:	dnp3 tcp	scope:	eq	version:	-	Trust: 1.6
vendor:	siemens	model:	iec104	scope:	eq	version:	-	Trust: 1.6
vendor:	siemens	model:	cp100	scope:	lt	version:	7.80	Trust: 1.0
vendor:	siemens	model:	iec 61850	scope:	lt	version:	4.33	Trust: 1.0
vendor:	siemens	model:	cp300	scope:	lt	version:	7.80	Trust: 1.0
vendor:	siemens	model:	cp100	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	cp200	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	cp300	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	dnp3 tcp	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	iec 61850	scope:	lt	version:	v4.33	Trust: 0.8
vendor:	siemens	model:	iec104	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	modbus tcp	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	profinet io	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	variant iec for en100 ethernet module	scope:	eq	version:	61850<v4.33	Trust: 0.6
vendor:	siemens	model:	variant profinet io for en100 ether- net module	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	variant modbus tcp for en100 ether- net module	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	variant dnp3 tcp for en100 ethernet module	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	siprotec	scope:	eq	version:	50	Trust: 0.3
vendor:	siemens	model:	profinet io for en100	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	modbus tcp for en100	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	iec104 for en100	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	iec for en100	scope:	eq	version:	618500	Trust: 0.3
vendor:	siemens	model:	siprotec cp300	scope:	ne	version:	57.80	Trust: 0.3
vendor:	siemens	model:	siprotec cp200	scope:	ne	version:	57.58	Trust: 0.3
vendor:	siemens	model:	siprotec cp100	scope:	ne	version:	57.80	Trust: 0.3
vendor:	siemens	model:	iec for en100	scope:	ne	version:	618504.33	Trust: 0.3
vendor:	dnp3 tcp	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	iec104	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	iec 61850	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	modbus tcp	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	profinet io	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	cp100	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	cp200	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	cp300	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 7d8198c1-463f-11e9-8941-000c29342cb1 // CNVD: CNVD-2018-25426 // BID: 106221 // JVNDB: JVNDB-2018-008841 // CNNVD: CNNVD-201807-1729 // NVD: CVE-2018-11452

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-11452
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-11452
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-25426
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201807-1729
value:	HIGH
Trust: 0.6
IVD:	7d8198c1-463f-11e9-8941-000c29342cb1
value:	HIGH
Trust: 0.2
VULHUB:	VHN-121313
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-11452
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-25426
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	7d8198c1-463f-11e9-8941-000c29342cb1
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-121313
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-11452
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: IVD: 7d8198c1-463f-11e9-8941-000c29342cb1 // CNVD: CNVD-2018-25426 // VULHUB: VHN-121313 // JVNDB: JVNDB-2018-008841 // CNNVD: CNNVD-201807-1729 // NVD: CVE-2018-11452

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-121313 // JVNDB: JVNDB-2018-008841 // NVD: CVE-2018-11452

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1729

TYPE

Input validation

Trust: 0.8

sources: IVD: 7d8198c1-463f-11e9-8941-000c29342cb1 // CNNVD: CNNVD-201807-1729

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008841

PATCH

title:	SSA-635129	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-635129.pdf	Trust: 0.8
title:	Siemens EN100 Ethernet Communication Module patch for denial of service vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/147345	Trust: 0.6
title:	Multiple Siemens Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82545	Trust: 0.6

sources: CNVD: CNVD-2018-25426 // JVNDB: JVNDB-2018-008841 // CNNVD: CNNVD-201807-1729

EXTERNAL IDS

db:	NVD	id:	CVE-2018-11452	Trust: 3.6
db:	SIEMENS	id:	SSA-635129	Trust: 2.6
db:	BID	id:	106221	Trust: 2.0
db:	SIEMENS	id:	SSA-325546	Trust: 1.7
db:	ICS CERT	id:	ICSA-18-347-02	Trust: 1.1
db:	ICS CERT	id:	ICSA-19-038-02	Trust: 1.1
db:	CNNVD	id:	CNNVD-201807-1729	Trust: 0.9
db:	CNVD	id:	CNVD-2018-25426	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-008841	Trust: 0.8
db:	IVD	id:	7D8198C1-463F-11E9-8941-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-121313	Trust: 0.1

sources: IVD: 7d8198c1-463f-11e9-8941-000c29342cb1 // CNVD: CNVD-2018-25426 // VULHUB: VHN-121313 // BID: 106221 // JVNDB: JVNDB-2018-008841 // CNNVD: CNNVD-201807-1729 // NVD: CVE-2018-11452

REFERENCES

url:	https://www.securityfocus.com/bid/106221	Trust: 2.9
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-635129.pdf	Trust: 2.6
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-325546.pdf	Trust: 1.7
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-347-02	Trust: 1.1
url:	https://ics-cert.us-cert.gov/advisories/icsa-19-038-02	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11452	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-11452	Trust: 0.8
url:	http://www.siemens.com/	Trust: 0.3

sources: CNVD: CNVD-2018-25426 // VULHUB: VHN-121313 // BID: 106221 // JVNDB: JVNDB-2018-008841 // CNNVD: CNNVD-201807-1729 // NVD: CVE-2018-11452

CREDITS

Victor Nikitin, and Ilya Karpov from ScadaX, Vladislav Suchkov

Trust: 0.6

sources: CNNVD: CNNVD-201807-1729

SOURCES

db:	IVD	id:	7d8198c1-463f-11e9-8941-000c29342cb1
db:	CNVD	id:	CNVD-2018-25426
db:	VULHUB	id:	VHN-121313
db:	BID	id:	106221
db:	JVNDB	id:	JVNDB-2018-008841
db:	CNNVD	id:	CNNVD-201807-1729
db:	NVD	id:	CVE-2018-11452

LAST UPDATE DATE

2024-11-23T22:38:05.935000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-25426	date:	2018-12-14T00:00:00
db:	VULHUB	id:	VHN-121313	date:	2019-03-22T00:00:00
db:	BID	id:	106221	date:	2019-02-11T07:00:00
db:	JVNDB	id:	JVNDB-2018-008841	date:	2019-02-08T00:00:00
db:	CNNVD	id:	CNNVD-201807-1729	date:	2019-04-01T00:00:00
db:	NVD	id:	CVE-2018-11452	date:	2024-11-21T03:43:23.857

SOURCES RELEASE DATE

db:	IVD	id:	7d8198c1-463f-11e9-8941-000c29342cb1	date:	2018-12-14T00:00:00
db:	CNVD	id:	CNVD-2018-25426	date:	2018-12-14T00:00:00
db:	VULHUB	id:	VHN-121313	date:	2018-07-23T00:00:00
db:	BID	id:	106221	date:	2018-07-11T00:00:00
db:	JVNDB	id:	JVNDB-2018-008841	date:	2018-10-30T00:00:00
db:	CNNVD	id:	CNNVD-201807-1729	date:	2018-07-23T00:00:00
db:	NVD	id:	CVE-2018-11452	date:	2018-07-23T21:29:00.283