Siemens EN100 Ethernet Module
Plan Patch | CVSS 8.6 | ICS-CERT ICSA-22-167-05 | Jun 14, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The EN100 Ethernet module contains a memory corruption vulnerability (CVE-2022-30937) in the web service interface that can be triggered remotely without authentication. The vulnerability affects all versions of the DNP3 IP, IEC 104, Modbus TCP, and PROFINET IO variants. Only the IEC 61850 variant has a patch available (version 4.37 or later). Successful exploitation could cause the module to crash or malfunction, disrupting communication between RTUs, PLCs, and SCADA systems.
What this means
What could happen
A memory corruption flaw in the EN100 Ethernet module could allow an attacker to crash the device or disrupt communication with attached control systems, causing loss of data acquisition or command delivery to critical infrastructure.
Who's at risk
Water utilities, electric utilities, and other critical infrastructure operators using Siemens EN100 Ethernet modules to interface with SCADA systems via IEC 104, Modbus TCP, PROFINET, DNP3, or IEC 61850 protocols should assess their deployments. Most variants have no patch available, making workarounds and network isolation critical.
How it could be exploited
An attacker on the network could send specially crafted packets to the EN100 module's web interface (ports 80 or 443) to trigger the memory corruption, disrupting the module's ability to process and relay IEC 104, Modbus TCP, PROFINET, DNP3, or IEC 61850 protocol messages.
Prerequisites
- Network-accessible EN100 Ethernet module with web service enabled
- Device must be reachable on port 80/TCP or 443/TCP
- No authentication required
- Remotely exploitable
- No authentication required
- Low complexity attack
- No patch available for 4 of 5 variants
- High CVSS score (8.6)
- Affects critical infrastructure communication modules
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (5)
1 with fix, 4 EOL

| Product | Affected Versions | Fix Status |
|---|---|---|
| EN100 Ethernet module IEC 61850 variant | <V4.37 | 4.37 |
| EN100 Ethernet module DNP3 IP variant | All versions | No fix (EOL) |
| EN100 Ethernet module IEC 104 variant | All versions | No fix (EOL) |
| EN100 Ethernet module PROFINET IO variant | All versions | No fix (EOL) |
| EN100 Ethernet module Modbus TCP variant | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
- WORKAROUND: Disable the web service within EN100 device configuration if not in use
- WORKAROUND: Block network access to port 80/TCP and 443/TCP at the perimeter firewall to restrict traffic to the EN100 module
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
EN100 Ethernet module IEC 61850 variant
- HOTFIX: Update EN100 Ethernet module IEC 61850 variant to version 4.37 or later
Mitigations - no patch available
The following products have reached End of Life with no planned fix: EN100 Ethernet module DNP3 IP variant, EN100 Ethernet module IEC 104 variant, EN100 Ethernet module PROFINET IO variant, EN100 Ethernet module Modbus TCP variant. Apply the following compensating controls:
- HARDENING: Implement network segmentation to isolate EN100 modules from untrusted networks using a secure substation concept and Defense-in-Depth strategy
- HARDENING: Restrict network access to EN100 modules using firewall rules and access control lists
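One way to check an asset inventory against the actions above and confirm that the port 80/TCP and 443/TCP block actually holds from a given network zone. This is an added example, not code from the advisory or from Siemens; the inventory addresses and firmware versions are constructed, and the dotted-integer version format is an assumption.

```python
import socket

FIXED_VERSION = (4, 37)   # fix level for the IEC 61850 variant, per the advisory
EOL_VARIANTS = {"DNP3 IP", "IEC 104", "PROFINET IO", "Modbus TCP"}  # no fix
WEB_PORTS = (80, 443)     # web service ports named in the advisory


def parse_version(text):
    """'V4.37' -> (4, 37). Assumes dotted integer components."""
    return tuple(int(part) for part in text.strip().lstrip("Vv").split("."))


def web_ports_open(host, ports=WEB_PORTS, timeout=1.0):
    """Ports on host that accept a TCP connection from this vantage point."""
    reachable = []
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                reachable.append(port)
        except OSError:   # refused, filtered (timeout) or unroutable
            pass
    return reachable


def triage(variant, version, open_ports):
    """Return the advisory actions that still apply to one module."""
    actions = []
    if variant == "IEC 61850":
        if parse_version(version) < FIXED_VERSION:
            actions.append("update to V4.37 or later")
    elif variant in EOL_VARIANTS:
        actions.append("no fix (EOL): segment and restrict network access")
    else:
        raise ValueError(f"variant not covered by the advisory: {variant!r}")
    if open_ports:
        ports = ", ".join(f"{p}/TCP" for p in open_ports)
        actions.append(f"web service reachable on {ports}: disable or block")
    return actions


if __name__ == "__main__":
    # Constructed inventory; 192.0.2.0/24 is a documentation-only range.
    inventory = [("192.0.2.10", "IEC 61850", "V4.35"),
                 ("192.0.2.11", "Modbus TCP", "V4.40")]
    for host, variant, version in inventory:
        for action in triage(variant, version, web_ports_open(host)):
            print(f"{host} ({variant} {version}): {action}")
```

Run it from a host in the zone the firewall is meant to keep out; an empty result for a patched IEC 61850 module means no listed action remains for it.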
CVEs (1)