CVE-2022-30938

Name of the Vulnerable Software and Affected Versions EN100 Ethernet module DNP3 IP variant (All versions) EN100 Ethernet module IEC 104 variant (All versions) EN100 Ethernet module IEC 61850 variant (All versions prior to V4.40) EN100 Ethernet module Modbus TCP variant (All versions) EN100 Ethernet module PROFINET IO variant (All versions)

Description A memory corruption issue exists in the affected applications while parsing specially crafted HTTP packets to the "/txtrace" endpoint, manipulating a specific argument. This could allow an attacker to crash the affected application, leading to a denial of service condition.

Recommendations For EN100 Ethernet module DNP3 IP variant, restrict access to the "/txtrace" endpoint until a patch is available. For EN100 Ethernet module IEC 104 variant, consider disabling the HTTP packet parsing functionality for the "/txtrace" endpoint as a temporary workaround. For EN100 Ethernet module IEC 61850 variant versions prior to V4.40, update to version V4.40 or later to resolve the issue. For EN100 Ethernet module Modbus TCP variant, avoid using the "/txtrace" endpoint until the issue is resolved. For EN100 Ethernet module PROFINET IO variant, restrict access to the vulnerable module to minimize the risk of exploitation.