CVE-2016-7112
Published: 2016-09-06
Priority P266 · critical · 9.8 · CVSS 3.0
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.86% (85.0th percentile)
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Attackers with network access to the device's web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | en100_ethernet_module_firmware | <= 4.28 | — |
Detection & IOCs (extracted from sources)
- Monitor for unauthenticated or anomalous HTTP requests to port 80/TCP on Siemens EN100 Ethernet module web interfaces; authentication bypass may allow administrative operations without valid credentials.
- Low-skill remote exploitation is confirmed; any external or lateral network access to port 80/TCP on affected EN100 modules should be treated as high-risk and alerted on.
- Vulnerability affects multiple EN100 firmware variants with different version thresholds; ensure version checks cover all variants (PROFINET IO < V1.04.01, Modbus TCP < V1.11.00, DNP3 TCP < V1.03, IEC 104 < V1.21, SIPROTEC Merging Unit 6MU80 < 1.02.02).
- No known public exploits specifically target this vulnerability at time of advisory publication.
CVSS provenance
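| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |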
CISA ICS
Siemens SIPROTEC 4 and SIPROTEC Compact Vulnerabilities
cisa_ics·2018-08-23
## Archived Content
In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
Last Revised: August 23, 2018
Alert Code: ICSA-16-250-01
## OVERVIEW
Siemens reports that they have released a firmware update for SIPROTEC 4 and SIPROTEC Compact devices to mitigate authentication bypass and resource exhaustion vulnerabilities. Kirill Nesterov and Anatoly Katushin from Kaspersky Lab reported some of these vulnerabilities directly to Siemens.
These vulnerabilities could be exploited remotely.
## AFFECTED PRODUCTS
Siemens reports that these vulnerabilities affect the following products:
- EN100 Ethernet modu
CISA ICS
Siemens SIPROTEC 4 and SIPROTEC Compact (Update F)
cisa_ics·2018-01-04
ICS Advisory
Last Revised: March 20, 2018
Alert Code: ICSA-17-187-03F
## CVSS v3 8.6
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: Siemens
Equipment: SIPROTEC 4 and SIPROTEC Compact
Vulnerabilities: Improper Input Validation, Missing Authorization, Improper Authentication
## UPDATE INFORMATION
This updated advisory is a follow-up to the updated advisory titled ICSA-17-187-03E Siemens SIPROTEC 4 and SIPROTEC Compact that was published January 4, 2018, on the NCCIC/ICS-CERT website.
## AFFECTED PRODUCTS
Siemens reports
CISA ICS
Siemens SWT3000
cisa_ics·2017-11-30
ICS Advisory
Last Revised: November 30, 2017
Alert Code: ICSA-17-334-01
## CVSS v3 5.3
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: Siemens
Equipment: SWT3000
Vulnerabilities: Improper Authentication, Authentication Bypass, Improper Input Validation.
## AFFECTED PRODUCTS
Siemens reports that the vulnerabilities affect the following SWT 3000 Teleprotection system products:
- EN100 for SWT3000 (iSWT3000):
  - IEC 61850 firmware: All versions prior to V4.29.01
  - TPOP firmware: All versions prior to V01.01.00
## IMPACT
Successful exploitation of these v
CISA ICS
Siemens Reyrolle
cisa_ics·2017-07-06
ICS Advisory
Last Revised: July 06, 2017
Alert Code: ICSA-17-187-02
## CVSS v3 7.5
ATTENTION: Remotely exploitable/low skill level to exploit.
Vendor: Siemens
Equipment: Reyrolle
Vulnerabilities: Missing Authorization, Improper Input Validation, Improper Authentication
## AFFECTED PRODUCTS
Siemens reports that the vulnerabilities affect the following Reyrolle integration, control, measurement, and automation products:
- EN100 Ethernet modules as optional for Reyrolle: All versions prior to V4.29.01
## IMPACT
Successful exploitation of these vulnerabilities could allow an
GHSA
GHSA-j885-v5w5-36pc: A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1
ghsa_unreviewed·2022-05-14
CVE-2016-7112 [CRITICAL] CWE-287 GHSA-j885-v5w5-36pc: A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://www.securityfocus.com/bid/92747
- http://www.securityfocus.com/bid/99471
- http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf
- https://ics-cert.us-cert.gov/advisories/ICSA-17-187-03
- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-323211.pdf