CVE-2022-30937 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-30937 PUBLISHED CVSS 7.5 HIGH

A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contains a memory corruption vulnerability while parsing specially crafted HTTP packets to /txtrace endpoint. This could allow an attacker to crash the affected application leading to a denial of service condition.

EPSS 0.53% · 67.1th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.53%

67.1th percentile

Affected Products

Vendor	Product	Versions
siemens	en100_ethernet_module_modbus_tcp_firmware
Siemens	EN100 Ethernet module DNP3 IP variant	All versions
siemens	en100_ethernet_module_iec_61850_firmware	0
Siemens	EN100 Ethernet module PROFINET IO variant	All versions
siemens	en100_ethernet_module_profinet_io_firmware
siemens	en100_ethernet_module_dnp3_firmware
Siemens	EN100 Ethernet module Modbus TCP variant	All versions
Siemens	EN100 Ethernet module IEC 104 variant	All versions
siemens	en100_ethernet_module_iec_104_firmware
Siemens	EN100 Ethernet module IEC 61850 variant	All versions < V4.37

Timeline

Jun 14, 2022 CVE Published
Jun 15, 2022 EPSS Score
Aug 2, 2022 EPSS Score
Sep 19, 2022 EPSS Score
Nov 5, 2022 EPSS Score
Dec 23, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 14, 2023 EPSS Score
Jul 1, 2023 EPSS Score
Aug 17, 2023 EPSS Score

References

Open in Interactive Console →