Vulnerabilities > CVE-2016-7113 - Resource Management Errors vulnerability in Siemens En100 Ethernet Module Firmware 4.28

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

siemens

CWE-399

NVD

Published: 2016-09-06

Updated: 2018-03-23

Summary

A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Specially crafted packets sent to port 80/tcp could cause the affected device to go into defect mode.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens En100 Ethernet Module Firmware 4.28	1
Hardware	Siemens Siemens En100 Ethernet Module -	1

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References