Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-4839
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions), Other SIPROTEC 4 relays (All versions), Other SIPROTEC Compact relays (All versions), SIPROTEC 4 7SD80 (All versions < V4.70), SIPROTEC 4 7SJ61 (All versions < V4.96), SIPROTEC 4 7SJ62 (All versions < V4.96), SIPROTEC 4 7SJ64 (All versions < V4.96), SIPROTEC 4 7SJ66 (All versions < V4.30), SIPROTEC Compact 7SJ80 (All versions < V4.77), SIPROTEC Compact 7SK80 (All versions < V4.77). An attacker with local access to the engineering system or in a privileged network position and able to obtain certain network traffic could possibly reconstruct access authorization passwords.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
不充分的加密强度
Source: NVD (National Vulnerability Database)
Vulnerability Title
多款Siemens产品加密问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Siemens SIPROTEC 5等都是德国西门子(Siemens)公司的产品。Siemens SIPROTEC 5是一款多功能继电器。Siemens SIPROTEC 4是一款多功能继电器。Siemens SIPROTEC Compact是一款用于工业能源环境提供保护、控制、监视功能的安全设备。 多款Siemens产品中存在加密问题漏洞。攻击者可利用该漏洞重新构建访问授权密码。以下产品和版本受到影响:Siemens DIGSI 4 4.92之前版本;EN100 Ethernet module IEC
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
SiemensDIGSI 4 All versions < V4.92 -
SiemensEN100 Ethernet module DNP3 variant All versions < V1.05.00 -
SiemensEN100 Ethernet module IEC 104 variant All versions -
SiemensEN100 Ethernet module IEC 61850 variant All versions < V4.30 -
SiemensEN100 Ethernet module Modbus TCP variant All versions -
SiemensEN100 Ethernet module PROFINET IO variant All versions -
SiemensOther SIPROTEC 4 relays All versions -
SiemensOther SIPROTEC Compact relays All versions -
SiemensSIPROTEC 4 7SD80 All versions < V4.70 -
SiemensSIPROTEC 4 7SJ61 All versions < V4.96 -
SiemensSIPROTEC 4 7SJ62 All versions < V4.96 -
SiemensSIPROTEC 4 7SJ64 All versions < V4.96 -
SiemensSIPROTEC 4 7SJ66 All versions < V4.30 -
SiemensSIPROTEC Compact 7SJ80 All versions < V4.77 -
SiemensSIPROTEC Compact 7SK80 All versions < V4.77 -
II. Public POCs for CVE-2018-4839
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2018-4839
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: DIGSI 4
Same vendor: Siemens
Same weakness: CWE-326
V. Comments for CVE-2018-4839

No comments yet

Leave a comment