SSA-693555 — Vulnetix

SSA-693555 PUBLISHED CVSS 8.600000381469727 HIGH

EN100 Ethernet module is affected by memory corruption vulnerability (CVE-2022-30937). Siemens has released an update for the EN100 Ethernet module IEC 61850 variant and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or not yet available.

Risk Scores

CVSS 3.1

8.600000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C

Affected Products

Vendor	Product	Versions
	EN100 Ethernet module IEC 61850 variant
	EN100 Ethernet module DNP3 IP variant
	EN100 Ethernet module IEC 104 variant
	EN100 Ethernet module PROFINET IO variant
	EN100 Ethernet module Modbus TCP variant

Exploit Intelligence

https://cert-portal.siemens.com/productcert/pdf/ssa-693555.pdf (circl)
https://cert-portal.siemens.com/productcert/txt/ssa-693555.txt (circl)
https://cert-portal.siemens.com/productcert/csaf/ssa-693555.json (circl)
https://support.industry.siemens.com/cs/us/en/view/109745821/ (circl)

Timeline

CVE Published

References

https://cert-portal.siemens.com/productcert/pdf/ssa-693555.pdf advisory
https://cert-portal.siemens.com/productcert/txt/ssa-693555.txt advisory
https://cert-portal.siemens.com/productcert/csaf/ssa-693555.json advisory
https://support.industry.siemens.com/cs/us/en/view/109745821/ fix

Open in Interactive Console →