CVE-2018-4839 Information

Description

A vulnerability has been identified in Siemens DIGSI 4 (All versions < V4.92), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), SIPROTEC Compact 7SJ80 (All versions < V4.77), SIPROTEC Compact 7SK80 (All versions < V4.77), SIPROTEC Compact 7SJ66 (All versions < V4.30), Other SIPROTEC Compact relays (All versions), Other SIPROTEC 4 relays (All versions). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-203306.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-18-067-01

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

5.3

Base Severity

MEDIUM
