Sign-up

ID

VAR-201903-1129


CVE

CVE-2018-16563


TITLE

plural Siemens Resource management vulnerabilities in product firmware

Trust: 0.8

sources: JVNDB: JVNDB-2018-015215

DESCRIPTION

A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.35), Firmware variant MODBUS TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions), Firmware variant Profinet IO for EN100 Ethernet module (All versions), SIPROTEC 5 relays with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.82), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.58). Specially crafted packets to port 102/tcp could cause a denial-of-service condition in the affected products. A manual restart is required to recover the EN100 module functionality of the affected devices. Successful exploitation requires an attacker with network access to send multiple packets to the affected products or modules. As a precondition the IEC 61850-MMS communication needs to be activated on the affected products or modules. No user interaction or privileges are required to exploit the vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the network functionality of the device, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. plural Siemens The product firmware contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Siemens EN100 Ethernet Communication module and SIPROTEC 5 Relays are prone to denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application or consume excess memory, denying service to legitimate users

Trust: 1.98

sources: NVD: CVE-2018-16563 // JVNDB: JVNDB-2018-015215 // BID: 107007 // VULHUB: VHN-126935

AFFECTED PRODUCTS

vendor:siemensmodel:en100 ethernet module with variant iec104scope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 with cpu variant cp100scope:ltversion:7.82

Trust: 1.0

vendor:siemensmodel:en100 ethernet module with variant dnp3 tcpscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:en100 ethernet module with variant modbus tcpscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:en100 ethernet module with variant profinet ioscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:en100 ethernet module with variant iec 61850scope:eqversion:4.35

Trust: 1.0

vendor:siemensmodel:en100 ethernet modulescope:eqversion: -

Trust: 1.0

vendor:siemensmodel:siprotec 5 with cpu variant cp300scope:ltversion:7.82

Trust: 1.0

vendor:siemensmodel:siprotec 5 with cpu variant cp200scope:ltversion:7.58

Trust: 1.0

vendor:siemensmodel:cp100scope:ltversion:7.82

Trust: 0.8

vendor:siemensmodel:cp200scope:ltversion:7.58

Trust: 0.8

vendor:siemensmodel:cp300scope:ltversion:7.82

Trust: 0.8

vendor:siemensmodel:dnp3 tcpscope: - version: -

Trust: 0.8

vendor:siemensmodel:en100 modulescope: - version: -

Trust: 0.8

vendor:siemensmodel:iec 61850scope: - version: -

Trust: 0.8

vendor:siemensmodel:iec104scope: - version: -

Trust: 0.8

vendor:siemensmodel:modbus tcpscope: - version: -

Trust: 0.8

vendor:siemensmodel:profinet ioscope: - version: -

Trust: 0.8

vendor:siemensmodel:siprotecscope:eqversion:50

Trust: 0.3

vendor:siemensmodel:profinet io for en100scope:eqversion:0

Trust: 0.3

vendor:siemensmodel:modbus tcp for en100scope:eqversion:0

Trust: 0.3

vendor:siemensmodel:iec104 for en100scope:eqversion:0

Trust: 0.3

vendor:siemensmodel:iec for en100scope:eqversion:618500

Trust: 0.3

vendor:siemensmodel:en100 ethernet modulescope:eqversion:0

Trust: 0.3

vendor:siemensmodel:siprotec cp300scope:neversion:57.82

Trust: 0.3

vendor:siemensmodel:siprotec cp200scope:neversion:57.58

Trust: 0.3

vendor:siemensmodel:siprotec cp100scope:neversion:57.82

Trust: 0.3

vendor:siemensmodel:en100 ethernet module iecscope:neversion:618504.35

Trust: 0.3

sources: BID: 107007 // JVNDB: JVNDB-2018-015215 // NVD: CVE-2018-16563

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-16563
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-16563
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201902-537
value: MEDIUM

Trust: 0.6

VULHUB: VHN-126935
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-16563
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-126935
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-16563
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-126935 // JVNDB: JVNDB-2018-015215 // CNNVD: CNNVD-201902-537 // NVD: CVE-2018-16563

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-399

Trust: 0.9

sources: VULHUB: VHN-126935 // JVNDB: JVNDB-2018-015215 // NVD: CVE-2018-16563

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201902-537

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201902-537

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-015215

PATCH
title:SSA-104088url:https://cert-portal.siemens.com/productcert/pdf/ssa-104088.pdf
Trust: 0.8
title:Multiple Siemens Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89344
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-015215 // 
            
            
            
            CNNVD: CNNVD-201902-537

EXTERNAL IDS
db:NVDid:CVE-2018-16563
Trust: 2.8
db:SIEMENSid:SSA-104088
Trust: 1.7
db:ICS CERTid:ICSA-19-043-02
Trust: 1.7
db:BIDid:107007
Trust: 1.0
db:JVNDBid:JVNDB-2018-015215
Trust: 0.8
db:CNNVDid:CNNVD-201902-537
Trust: 0.7
db:AUSCERTid:ESB-2019.0443
Trust: 0.6
db:VULHUBid:VHN-126935
Trust: 0.1
sources:
            
            
            VULHUB: VHN-126935 // 
            
            
            
            BID: 107007 // 
            
            
            
            JVNDB: JVNDB-2018-015215 // 
            
            
            
            CNNVD: CNNVD-201902-537 // 
            
            
            
            NVD: CVE-2018-16563

REFERENCES
url:https://cert-portal.siemens.com/productcert/pdf/ssa-104088.pdf
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2018-16563
Trust: 1.4
url:https://ics-cert.us-cert.gov/advisories/icsa-19-043-02
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16563
Trust: 0.8
url:https://www.us-cert.gov/ics/advisories/icsa-19-043-02
Trust: 0.8
url:http://www.securityfocus.com/bid/107007
Trust: 0.6
url:https://www.auscert.org.au/bulletins/75470
Trust: 0.6
url:http://www.siemens.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-126935 // 
            
            
            
            BID: 107007 // 
            
            
            
            JVNDB: JVNDB-2018-015215 // 
            
            
            
            CNNVD: CNNVD-201902-537 // 
            
            
            
            NVD: CVE-2018-16563

CREDITS
Lars Lengersdorf from Amprion GmbH,Lars Lengersdorf from Amprion GmbH reported this vulnerability to Siemens.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201902-537

SOURCES
db:VULHUBid:VHN-126935
db:BIDid:107007
db:JVNDBid:JVNDB-2018-015215
db:CNNVDid:CNNVD-201902-537
db:NVDid:CVE-2018-16563

LAST UPDATE DATE
2024-11-23T22:21:45.160000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-126935date:2019-10-03T00:00:00
db:BIDid:107007date:2019-02-12T00:00:00
db:JVNDBid:JVNDB-2018-015215date:2019-07-08T00:00:00
db:CNNVDid:CNNVD-201902-537date:2020-05-22T00:00:00
db:NVDid:CVE-2018-16563date:2024-11-21T03:52:59.153

SOURCES RELEASE DATE
db:VULHUBid:VHN-126935date:2019-03-21T00:00:00
db:BIDid:107007date:2019-02-12T00:00:00
db:JVNDBid:JVNDB-2018-015215date:2019-05-13T00:00:00
db:CNNVDid:CNNVD-201902-537date:2019-02-12T00:00:00
db:NVDid:CVE-2018-16563date:2019-03-21T16:00:22.420