CVE-2019-13942

Name of the Vulnerable Software and Affected Versions EN100 Ethernet module DNP3 variant (All versions) EN100 Ethernet module IEC 61850 variant (All versions < V4.37) EN100 Ethernet module IEC104 variant (All versions) EN100 Ethernet module Modbus TCP variant (All versions) EN100 Ethernet module PROFINET IO variant (All versions)

Description A buffer overflow vulnerability in the webserver of the EN100 Ethernet module could be exploited by an unauthorized user, potentially causing a Denial-of-Service condition. This may require manual restart of the affected devices to fully recover. No public exploitation of this issue was known at the time of advisory publication.

Recommendations For EN100 Ethernet module DNP3 variant, restrict access to the webserver to minimize the risk of exploitation. For EN100 Ethernet module IEC 61850 variant, update to version V4.37 or later to resolve the issue. For EN100 Ethernet module IEC104 variant, consider disabling the webserver functionality until a patch is available. For EN100 Ethernet module Modbus TCP variant, avoid using the webserver until the issue is resolved. For EN100 Ethernet module PROFINET IO variant, limit access to the webserver to prevent potential exploitation.