Vulnerabilities > CVE-2016-7113 - Resource Management Errors vulnerability in Siemens En100 Ethernet Module Firmware 4.28
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Specially crafted packets sent to port 80/tcp could cause the affected device to go into defect mode.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Hardware | 1 |
Common Weakness Enumeration (CWE)
References
- http://www.securityfocus.com/bid/92748
- http://www.securityfocus.com/bid/92748
- http://www.securityfocus.com/bid/99471
- http://www.securityfocus.com/bid/99471
- http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf
- http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-630413.pdf
- https://ics-cert.us-cert.gov/advisories/ICSA-17-187-03
- https://ics-cert.us-cert.gov/advisories/ICSA-17-187-03
- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-323211.pdf
- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-323211.pdf