// For flags

CVE-2018-4839

 

Severity Score

5.3
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions < V4.70), SIPROTEC 4 7SJ61 (All versions < V4.96), SIPROTEC 4 7SJ62 (All versions < V4.96), SIPROTEC 4 7SJ64 (All versions < V4.96), SIPROTEC 4 7SJ66 (All versions < V4.30), SIPROTEC Compact 7SJ80 (All versions < V4.77), SIPROTEC Compact 7SK80 (All versions < V4.77). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords.

Se ha identificado una vulnerabilidad en Siemens DIGSI 4 (Todas las versiones anteriores a V4.92), EN100 Ethernet module DNP3 variant (Todas las versiones anteriores a V1.05.00), EN100 Ethernet module IEC 104 variant (Todas las versiones), EN100 Ethernet module IEC 61850 variant (Todas las versiones anteriores a V4.30), EN100 Ethernet module Modbus TCP variant (Todas las versiones), EN100 Ethernet module PROFINET IO variant (Todas las versiones), Other SIPROTEC 4 relays (Todas las versiones), Other SIPROTEC Compact relays (Todas las versiones), SIPROTEC 4 7SD80 (Todas las versiones anteriores a V4.70), SIPROTEC 4 7SJ61 (Todas las versiones anteriores a V4.96), SIPROTEC 4 7SJ62 (Todas las versiones anteriores a V4.96), SIPROTEC 4 7SJ64 (Todas las versiones anteriores a V4.96), SIPROTEC 4 7SJ66 (Todas las versiones anteriores a V4.30), SIPROTEC Compact 7SJ80 (Todas las versiones anteriores a V4.77), SIPROTEC Compact 7SK80 (Todas las versiones anteriores a V4.77). Un atacante con acceso local al sistema de ingeniería o en una posición de red privilegiada y capaz de obtener cierto tráfico de red podría reconstruir contraseñas de autorización de acceso

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-01-02 CVE Reserved
  • 2018-03-08 CVE Published
  • 2023-07-08 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-326: Inadequate Encryption Strength
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Siemens
Search vendor "Siemens"
 Siprotec Compact 7sj80 Firmware
Search vendor "Siemens" for product "Siprotec Compact 7sj80 Firmware"
 < 4.77
Search vendor "Siemens" for product "Siprotec Compact 7sj80 Firmware" and version " < 4.77"
-
Affected
in Siemens
Search vendor "Siemens"
 Siprotec Compact 7sj80
Search vendor "Siemens" for product "Siprotec Compact 7sj80"
--
Safe
Siemens
Search vendor "Siemens"
 Siprotec Compact 7sk80 Firmware
Search vendor "Siemens" for product "Siprotec Compact 7sk80 Firmware"
 < 4.77
Search vendor "Siemens" for product "Siprotec Compact 7sk80 Firmware" and version " < 4.77"
-
Affected
in Siemens
Search vendor "Siemens"
 Siprotec Compact 7sk80
Search vendor "Siemens" for product "Siprotec Compact 7sk80"
--
Safe
Siemens
Search vendor "Siemens"
 Siprotec 4 7sj66 Firmware
Search vendor "Siemens" for product "Siprotec 4 7sj66 Firmware"
 < 4.30
Search vendor "Siemens" for product "Siprotec 4 7sj66 Firmware" and version " < 4.30"
-
Affected
in Siemens
Search vendor "Siemens"
 Siprotec 4 7sj66
Search vendor "Siemens" for product "Siprotec 4 7sj66"
--
Safe
Siemens
Search vendor "Siemens"
 En100 Ethernet Module Iec 104 Firmware
Search vendor "Siemens" for product "En100 Ethernet Module Iec 104 Firmware"
--
Affected
in Siemens
Search vendor "Siemens"
 En100 Ethernet Module Iec 104
Search vendor "Siemens" for product "En100 Ethernet Module Iec 104"
--
Safe
Siemens
Search vendor "Siemens"
 En100 Ethernet Module Dnp3 Firmware
Search vendor "Siemens" for product "En100 Ethernet Module Dnp3 Firmware"
--
Affected
in Siemens
Search vendor "Siemens"
 En100 Ethernet Module Dnp3
Search vendor "Siemens" for product "En100 Ethernet Module Dnp3"
--
Safe
Siemens
Search vendor "Siemens"
 En100 Ethernet Module Modbus Tcp Firmware
Search vendor "Siemens" for product "En100 Ethernet Module Modbus Tcp Firmware"
--
Affected
in Siemens
Search vendor "Siemens"
 En100 Ethernet Module Modbus Tcp
Search vendor "Siemens" for product "En100 Ethernet Module Modbus Tcp"
--
Safe
Siemens
Search vendor "Siemens"
 En100 Ethernet Module Profinet Io Firmware
Search vendor "Siemens" for product "En100 Ethernet Module Profinet Io Firmware"
--
Affected
in Siemens
Search vendor "Siemens"
 En100 Ethernet Module Profinet Io
Search vendor "Siemens" for product "En100 Ethernet Module Profinet Io"
--
Safe
Siemens
Search vendor "Siemens"
 En100 Ethernet Module Iec 61850 Firmware
Search vendor "Siemens" for product "En100 Ethernet Module Iec 61850 Firmware"
 < 4.30
Search vendor "Siemens" for product "En100 Ethernet Module Iec 61850 Firmware" and version " < 4.30"
-
Affected
in Siemens
Search vendor "Siemens"
 En100 Ethernet Module Iec 61850
Search vendor "Siemens" for product "En100 Ethernet Module Iec 61850"
--
Safe
Siemens
Search vendor "Siemens"
 Digsi 4
Search vendor "Siemens" for product "Digsi 4"
 < 4.92
Search vendor "Siemens" for product "Digsi 4" and version " < 4.92"
-
Affected