Unrated severityNVD Advisory· Published Mar 8, 2018· Updated Aug 5, 2024

CVE-2018-4840

Description

A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). The device engineering mechanism allows an unauthenticated remote user to upload a modified device configuration overwriting access authorization passwords.

Affected products

Siemens Foundation/EN100 Ethernet module IEC 61850 variantllm-create
Range: <4.30
Siemens Foundation/DIGSI 4llm-fuzzy
Range: <4.92
Siemens Foundation/EN100 Ethernet module DNP3 variantllm-fuzzy
Range: <1.05.00
Siemens/DIGSI 4v5
Range: All versions < V4.92
Siemens/EN100 Ethernet module DNP3 variantv5
Range: All versions < V1.05.00
Siemens/EN100 Ethernet module IEC 104 variantv5
Range: All versions
Siemens/EN100 Ethernet module IEC 61850 variantv5
Range: All versions < V4.30
Siemens/EN100 Ethernet module Modbus TCP variantv5
Range: All versions
Siemens/EN100 Ethernet module PROFINET IO variantv5
Range: All versions

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cert-portal.siemens.com/productcert/pdf/ssa-203306.pdfmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000