PT-2016-7223 · Siemens · Siprotec Merging Unit 6Mu80+1
Publicado
2016-09-06
·
Atualizado
2018-03-23
·
CVE-2016-7113
CVSS v2.0
7.8
Alta
| Vetor | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Firmware variant PROFINET IO for EN100 Ethernet module versions prior to V1.04.01
Firmware variant Modbus TCP for EN100 Ethernet module versions prior to V1.11.00
Firmware variant DNP3 TCP for EN100 Ethernet module versions prior to V1.03
Firmware variant IEC 104 for EN100 Ethernet module versions prior to V1.21
EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 versions prior to 1.02.02
Description
A vulnerability has been identified that could cause the affected device to go into defect mode when specially crafted packets are sent to port 80/tcp.
Recommendations
For Firmware variant PROFINET IO for EN100 Ethernet module versions prior to V1.04.01, update to version V1.04.01 or later.
For Firmware variant Modbus TCP for EN100 Ethernet module versions prior to V1.11.00, update to version V1.11.00 or later.
For Firmware variant DNP3 TCP for EN100 Ethernet module versions prior to V1.03, update to version V1.03 or later.
For Firmware variant IEC 104 for EN100 Ethernet module versions prior to V1.21, update to version V1.21 or later.
For EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 versions prior to 1.02.02, update to version 1.02.02 or later.
As a temporary workaround, consider restricting access to port 80/tcp to minimize the risk of exploitation.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
En100 Ethernet Module
Siprotec Merging Unit 6Mu80