PT-2016-7224 · Siemens · Siprotec Merging Unit 6Mu80+4

Published: 2016-09-06 · Updated: 2018-03-23 · CVE-2016-7114

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Firmware variant PROFINET IO for EN100 Ethernet module versions prior to V1.04.01
Firmware variant Modbus TCP for EN100 Ethernet module versions prior to V1.11.00
Firmware variant DNP3 TCP for EN100 Ethernet module versions prior to V1.03
Firmware variant IEC 104 for EN100 Ethernet module versions prior to V1.21
EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 versions prior to 1.02.02
SIPROTEC 7SJ686 versions prior to V 4.87
SIPROTEC 7UT686 versions prior to V 4.02
SIPROTEC 7SD686 versions prior to V 4.05
SIPROTEC 7SJ66 versions prior to V 4.30

Description

A vulnerability has been identified that could allow attackers with network access to the device's web interface (port 80/tcp) to possibly circumvent authentication and perform certain administrative operations, but only if a legitimate user is logged into the web interface.

Recommendations

For Firmware variant PROFINET IO for EN100 Ethernet module versions prior to V1.04.01, update to version V1.04.01 or later.
For Firmware variant Modbus TCP for EN100 Ethernet module versions prior to V1.11.00, update to version V1.11.00 or later.
For Firmware variant DNP3 TCP for EN100 Ethernet module versions prior to V1.03, update to version V1.03 or later.
For Firmware variant IEC 104 for EN100 Ethernet module versions prior to V1.21, update to version V1.21 or later.
For EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 versions prior to 1.02.02, update to version 1.02.02 or later.
For SIPROTEC 7SJ686 versions prior to V 4.87, update to version V 4.87 or later.
For SIPROTEC 7UT686 versions prior to V 4.02, update to version V 4.02 or later.
For SIPROTEC 7SD686 versions prior to V 4.05, update to version V 4.05 or later.
For SIPROTEC 7SJ66 versions prior to V 4.30, update to version V 4.30 or later.

Fix

Improper Authentication


Weakness Enumeration

Related identifiers

CVE-2016-7114

Affected products

En100 Ethernet Module
Siprotec 7Sd686
Siprotec 7Sj66
Siprotec 7Ut686
Siprotec Merging Unit 6Mu80