ICSA-22-167-05
·
Published 2022-06-14
·
View on CISA ICS-CERT ↗
Siemens EN100 Ethernet Module
CVSS 8.6
HIGH
CVEs (1)
Remediations
- Currently no fix is planned
- Update to V4.37 or later version
- Disable web service within the device configuration if it is not used
- Block access to port 80/tcp and 443/tcp e.g. with an external firewall
- Apply secure substation concept and Defense-in-Depth (see https://www.siemens.com/gridsecurity) or contact customer care to find specific solutions
Affected Vendors
Siemens
Affected Products (5)
Siemens
·
EN100 Ethernet module DNP3 IP variant
vers:all/*
Siemens
·
EN100 Ethernet module IEC 104 variant
vers:all/*
Siemens
·
EN100 Ethernet module IEC 61850 variant
<V4.37
Siemens
·
EN100 Ethernet module Modbus TCP variant
vers:all/*
Siemens
·
EN100 Ethernet module PROFINET IO variant
vers:all/*
Affected Sectors
Multiple
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more