cbcvebase.
CVE-2015-5374
published 2015-07-18

CVE-2015-5374: A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100…

PriorityP180high7.8CVSS 2.0
AVNACLAuNCNINAC
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
74.50%
99.4th percentile
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Specially crafted packets sent to port 50000/UDP could cause a denial-of-service of the affected device. A manual reboot may be required to recover the service of the device.

Affected

1 ranges
VendorProductVersion rangeFixed in
siemenssiprotec_firmware

Detection & IOCsextracted from sources · hover to see the quote

port50000/UDP
bytes
11 49 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 9E
  • Nessus Network Monitor signature PRM #700132 (Siemens SIPROTEC DoS, SCADA) can be used to passively detect exploitation attempts for CVE-2015-5374.
  • Check Point published an IPS signature providing virtual patching for the Siemens SIPROTEC DoS vulnerability (CVE-2015-5374); deploy it to block CrashOverride/Industroyer exploitation of this flaw.
  • ·The vulnerability affects multiple EN100 firmware variants; ensure all are accounted for when scoping detection — PROFINET IO (<V1.04.01), Modbus TCP (<V1.11.00), DNP3 TCP (<V1.03), IEC 104 (<V1.21), and SIPROTEC Merging Unit 6MU80 (<1.02.02).
  • ·A successful DoS attack may require a manual reboot to restore device service; automated recovery should not be assumed.
  • ·The exploit targets EN100 Ethernet module firmware version V4.24 or prior on SIPROTEC 4 and SIPROTEC Compact devices; V4.25 and later are not affected.

CVSS provenance

nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
vulncheck7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.