CVE-2019-13942

A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). An unauthorized user could exploit a buffer overflow vulnerability in the webserver. Specially crafted packets sent could cause a Denial-of-Service condition and if certain conditions are met, the affected devices must be restarted manually to fully recover. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf	Vendor Advisory
https://www.us-cert.gov/ics/advisories/icsa-19-344-07	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:siemens:en100_ethernet_module_with_firmware_variant_dnp3_tcp::::::::
	cpe:2.3:o:siemens:en100_ethernet_module_with_firmware_variant_iec_61850::::::::
	cpe:2.3:o:siemens:en100_ethernet_module_with_firmware_variant_iec104::::::::
	cpe:2.3:o:siemens:en100_ethernet_module_with_firmware_variant_modbus_tcp::::::::
	cpe:2.3:o:siemens:en100_ethernet_module_with_firmware_variant_profinet_io::::::::

cpe:2.3:h:siemens:en100_ethernet_module:-:*:*:*:*:*:*:*

History

02 Feb 2023, 19:18

Type	Values Removed	Values Added
References	~~(MISC) https://www.us-cert.gov/ics/advisories/icsa-19-344-07 -~~	(MISC) https://www.us-cert.gov/ics/advisories/icsa-19-344-07 - Third Party Advisory, US Government Resource

Information

Published : 2019-12-12 19:15

Updated : 2023-12-10 13:13

NVD link : CVE-2019-13942

Mitre link : CVE-2019-13942

CVE.ORG link : CVE-2019-13942

JSON object : View

Products Affected

siemens

en100_ethernet_module_with_firmware_variant_iec_61850
en100_ethernet_module_with_firmware_variant_profinet_io
en100_ethernet_module_with_firmware_variant_modbus_tcp
en100_ethernet_module
en100_ethernet_module_with_firmware_variant_dnp3_tcp
en100_ethernet_module_with_firmware_variant_iec104

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2019-13942

7.5^/10

5.0^/10

Attach tags to `CVE-2019-13942`