← Back to home
SIEMENS-SSA-845879  ·  Published 2019-02-12  ·  View on Siemens ProductCERT ↗

SSA-845879 (Last Update: 2019-02-12): Firmware Downgrade Vulnerability in EN100 Ethernet Communication Module for SIPROTEC 4, SIPROTEC Compact and Reyrolle

CVSS N/A MEDIUM

Risk Summary

<p>The EN100 Ethernet communication module, which is an optional extension for SIPROTEC 4, SIPROTEC Compact and Reyrolle devices, allows an unauthenticated upload of firmware updates to the communication module in affected versions.</p> <p>Siemens has released updates for several affected products, is working on updates for the remaining affected products, and recommends specific countermeasures until fixes are available.</p>

Remediations

  • Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-845879 (Last Update: 2019-02-12): Firmware Downgrade Vulnerability in EN100 Ethernet Communication Module for SIPROTEC 4, SIPROTEC Compact and Reyrolle See advisory

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more