ICSA-22-195-16
·
Published 2022-07-12
·
View on CISA ICS-CERT ↗
Siemens EN100 Ethernet Module
CVSS 8.6
HIGH
CVEs (1)
Remediations
- Disable web service within the device configuration if it is not used
- Currently no fix is planned
- Update to V4.40 or later version
- Block access to port 80/tcp and 443/tcp e.g. with an external firewall
- Apply secure substation concept and Defense-in-Depth (see https://www.siemens.com/gridsecurity) or contact customer care to find specific solutions
Affected Vendors
Siemens
Affected Products (5)
Siemens
·
EN100 Ethernet module DNP3 IP variant
vers:all/*
Siemens
·
EN100 Ethernet module IEC 104 variant
vers:all/*
Siemens
·
EN100 Ethernet module IEC 61850 variant
<V4.40
Siemens
·
EN100 Ethernet module Modbus TCP variant
vers:all/*
Siemens
·
EN100 Ethernet module PROFINET IO variant
vers:all/*
Affected Sectors
Multiple
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more