1. CVE-Search
  2. CVE-2016-7113
ID CVE-2016-7113
Summary A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Specially crafted packets sent to port 80/tcp could cause the affected device to go into defect mode.
References
Vulnerable Configurations
  • cpe:2.3:a:siemens:en100_ethernet_module_firmware:4.28:*:*:*:*:*:*:*
    cpe:2.3:a:siemens:en100_ethernet_module_firmware:4.28:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:en100_ethernet_module:-:*:*:*:*:*:*:*
    cpe:2.3:h:siemens:en100_ethernet_module:-:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 23-03-2018 - 01:29)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
refmap via4
bid
  • 92748
  • 99471
confirm
misc https://ics-cert.us-cert.gov/advisories/ICSA-17-187-03
Last major update 23-03-2018 - 01:29
Published 06-09-2016 - 00:59
Last modified 23-03-2018 - 01:29
Back to Top