CVE-2016-4784

Name of the Vulnerable Software and Affected Versions EN100 Ethernet module firmware variant PROFINET IO versions prior to V1.04.01 EN100 Ethernet module firmware variant Modbus TCP versions prior to V1.11.00 EN100 Ethernet module firmware variant DNP3 TCP versions prior to V1.03 EN100 Ethernet module firmware variant IEC 104 versions prior to V1.21 EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 versions prior to 1.02.02 SIPROTEC 7SJ686 versions prior to V 4.83 SIPROTEC 7UT686 versions prior to V 4.01 SIPROTEC 7SD686 versions prior to V 4.03 SIPROTEC 7SJ66 versions prior to V 4.20

Description A vulnerability has been identified that could allow remote attackers to obtain sensitive device information if network access is obtained. This issue affects the integrated web server of the affected devices, specifically on port 80/tcp.

Recommendations For EN100 Ethernet module firmware variant PROFINET IO versions prior to V1.04.01, update to version V1.04.01 or later. For EN100 Ethernet module firmware variant Modbus TCP versions prior to V1.11.00, update to version V1.11.00 or later. For EN100 Ethernet module firmware variant DNP3 TCP versions prior to V1.03, update to version V1.03 or later. For EN100 Ethernet module firmware variant IEC 104 versions prior to V1.21, update to version V1.21 or later. For EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 versions prior to 1.02.02, update to version 1.02.02 or later. For SIPROTEC 7SJ686 versions prior to V 4.83, update to version V 4.83 or later. For SIPROTEC 7UT686 versions prior to V 4.01, update to version V 4.01 or later. For SIPROTEC 7SD686 versions prior to V 4.03, update to version V 4.03 or later. For SIPROTEC 7SJ66 versions prior to V 4.20, update to version V 4.20 or later.