VDB

CVE-2022-30937

CVE-2022-30937 PUBLISHED CVSS 7.5 HIGH

A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contains a memory corruption vulnerability while parsing specially crafted HTTP packets to /txtrace endpoint. This could allow an attacker to crash the affected application leading to a denial of service condition.

EPSS 0.53% · 67.7th percentile

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.53%
67.7th percentile

Affected Products

VendorProductVersions
siemensen100_ethernet_module_modbus_tcp_firmware
SiemensEN100 Ethernet module DNP3 IP variantAll versions
siemensen100_ethernet_module_iec_61850_firmware0
SiemensEN100 Ethernet module PROFINET IO variantAll versions
siemensen100_ethernet_module_profinet_io_firmware
siemensen100_ethernet_module_dnp3_firmware
SiemensEN100 Ethernet module Modbus TCP variantAll versions
SiemensEN100 Ethernet module IEC 104 variantAll versions
siemensen100_ethernet_module_iec_104_firmware
SiemensEN100 Ethernet module IEC 61850 variant*

Exploit Intelligence

…and 66 more exploits

Timeline

  • Jun 14, 2022 CVE Published
  • Jun 15, 2022 EPSS Score
  • Aug 3, 2022 EPSS Score
  • Sep 20, 2022 EPSS Score
  • Nov 7, 2022 EPSS Score
  • Dec 25, 2022 EPSS Score
  • Feb 11, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 31, 2023 EPSS Score
  • May 18, 2023 EPSS Score
  • Jul 6, 2023 EPSS Score
  • Aug 23, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›