Siemens EN100 Ethernet Communication Module Multiple Denial of Service Vulnerabilities
Siemens EN100 Ethernet Communication module and Communication are prone to multiple denial-of-service vulnerabilities.
Attackers can exploit these issues to crash the affected application or consume excess memory, denying service to legitimate users.
Following products are vulnerable:
SIPROTEC 5 relays with CPU variants CP300 and CP100 prior to 7.80
SIPROTEC 5 relays with CPU variants CP200 prior to 7.5Firmware variant IEC 61850 for EN100 Ethernet module prior to 4.33Firmware variant PROFINET IO for EN100 Ethernet module, all versionsFirmware variant Modbus TCP for EN100 Ethernet module, all versions
Firmware variant DNP3 TCP for EN100 Ethernet module, all versions
Firmware variant IEC104 for EN100 Ethernet module, all versions