CVE-2019-13943
Description
A vulnerability has been identified in EN100 Ethernet module DNP3 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module IEC104 variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). The web interface could allow Cross-Site Scripting (XSS) attacks if an attacker is able to modify content of particular web pages, causing the application to behave in unexpected ways for legitimate users. Successful exploitation does not require the attacker to be authenticated to the web interface. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Siemens EN100 Ethernet modules contain a persistent XSS vulnerability that allows an unauthenticated remote attacker to modify web page content, potentially reading or altering application data.
Vulnerability
A cross-site scripting (XSS) vulnerability exists in the web interface of Siemens EN100 Ethernet modules. The issue affects the following variants and versions: EN100 Ethernet module for IEC 61850 (all versions prior to V4.37), EN100 Ethernet module for PROFINET IO (all versions), EN100 Ethernet module for Modbus TCP (all versions), EN100 Ethernet module for DNP3 (all versions), and EN100 Ethernet module for IEC104 (all versions). The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation). An attacker who can modify the content of particular web pages can inject malicious scripts, causing the application to behave unexpectedly for legitimate users [1].
Exploitation
To exploit this vulnerability, an attacker does not need to be authenticated to the web interface. The attacker must have network access to the affected device and the ability to modify content of specific web pages (for example, through a separate compromise or a chained attack). Successful exploitation does not require user interaction with a crafted link; instead, the attacker injects persistent script content that executes when legitimate users access the modified page [1].
Impact
Successful exploitation allows an attacker to read or modify contents of the web application, potentially leading to disclosure of sensitive information or unauthorized changes to device configuration. The CVSS v3 base score for this vulnerability is 7.5, with a vector string of (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). At the time of advisory publication, no public exploitation was known [1].
Mitigation
Siemens has released a firmware update for the IEC 61850 variant (version V4.37 or later) to address the XSS vulnerability. For the other affected variants (PROFINET IO, Modbus TCP, DNP3, IEC104), users should apply the latest available firmware updates from Siemens. As a general security measure, Siemens recommends restricting network access to the EN100 web interface and implementing proper segmentation. This CVE is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the advisory publication date [1].
No fix was available for PROFINET IO, Modbus TCP, DNP3, and IEC104 variants at the time of initial publication; users should monitor Siemens advisory updates.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: < V4.37
- Siemens AG/EN100 Ethernet module DNP3 variant, v5, Range: All versions
- Siemens AG/EN100 Ethernet module IEC104 variant, v5, Range: All versions
- Siemens AG/EN100 Ethernet module IEC 61850 variant, v5, Range: All versions < V4.37
- Siemens AG/EN100 Ethernet module Modbus TCP variant, v5, Range: All versions
- Siemens AG/EN100 Ethernet module PROFINET IO variant, v5, Range: All versions
Patches
No patches discovered yet.
References
- cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf (mitre, x_refsource_MISC)
- www.us-cert.gov/ics/advisories/icsa-19-344-07 (mitre, x_refsource_MISC)