ICSA-22-167-05 — Vulnetix

ICSA-22-167-05 PUBLISHED CVSS 8.600000381469727 HIGH

EN100 Ethernet module is affected by memory corruption vulnerability (CVE-2022-30937). Siemens has released an update for the EN100 Ethernet module IEC 61850 variant and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or not yet available.

Risk Scores

CVSS v3.1

8.600000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C

Affected Products

Vendor	Product	Versions
	EN100 Ethernet module DNP3 IP variant
	EN100 Ethernet module Modbus TCP variant
	EN100 Ethernet module IEC 61850 variant
	EN100 Ethernet module PROFINET IO variant
	EN100 Ethernet module IEC 104 variant

Timeline

Jun 14, 2022 CVE Published

References

https://cert-portal.siemens.com/productcert/csaf/ssa-693555.json advisory
https://cert-portal.siemens.com/productcert/txt/ssa-693555.txt advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-693555.pdf advisory
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-167-05.json advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-22-167-05 advisory
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
https://www.cisa.gov/topics/industrial-control-systems url
https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
https://support.industry.siemens.com/cs/us/en/view/109745821/ fix

Open in Interactive Console →