Siemens EN100 Ethernet Module
Plan Patch | 8.6 | ICS-CERT ICSA-22-195-16 | Jul 12, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
The EN100 Ethernet module is affected by a memory corruption vulnerability (CVE-2022-30938) in its web service functionality. An unauthenticated remote attacker can trigger a crash or potential code execution by sending a malformed request to port 80 or 443. The vulnerability affects all variants: DNP3 IP, IEC 104, IEC 61850 (versions prior to 4.40), Modbus TCP, and PROFINET IO. Siemens has released a patch only for the IEC 61850 variant (v4.40 or later). For the other variants, no fix is planned.
What this means
What could happen
A memory corruption flaw in EN100 Ethernet modules could allow an unauthenticated attacker on the network to crash the module or potentially execute code, disrupting communication with SCADA systems and field devices that rely on these modules for remote monitoring and control.
Who's at risk
Water and electric utilities operating Siemens EN100 Ethernet modules for SCADA communications. Affects engineers and operators who depend on EN100 modules to relay data from remote substations, pumping stations, or other field devices using DNP3, IEC 104, IEC 61850, Modbus TCP, or PROFINET IO protocols.
How it could be exploited
An attacker with network access to port 80 or 443 on an EN100 module can send a specially crafted request to the web service, triggering a memory corruption condition that crashes the device or allows remote code execution. This would disrupt communications between the master station and field devices connected via DNP3, IEC 104, IEC 61850, Modbus TCP, or PROFINET IO protocols.
Prerequisites
- Network access to the EN100 module on port 80/TCP or 443/TCP
- Web service must be enabled on the device (default)
- No authentication required
Tags: remotely exploitable, no authentication required, low complexity, no patch available for most variants, affects critical infrastructure control systems
Exploitability
Moderate exploit probability (EPSS 1.8%)
Affected products (5)
1 with fix, 4 EOL

| Product | Affected Versions | Fix Status |
|---|---|---|
| EN100 Ethernet module IEC 61850 variant | <V4.40 | 4.40 |
| EN100 Ethernet module DNP3 IP variant | All versions | No fix (EOL) |
| EN100 Ethernet module IEC 104 variant | All versions | No fix (EOL) |
| EN100 Ethernet module Modbus TCP variant | All versions | No fix (EOL) |
| EN100 Ethernet module PROFINET IO variant | All versions | No fix (EOL) |
Remediation & Mitigation
Do now
- WORKAROUND: Disable web service within EN100 device configuration if not required for operations
- WORKAROUND: Block network access to port 80/TCP and 443/TCP on all EN100 modules using a firewall or network access control list
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
EN100 Ethernet module IEC 61850 variant
- HOTFIX: Update EN100 Ethernet module IEC 61850 variant to firmware version 4.40 or later
Mitigations - no patch available
The following products have reached End of Life with no planned fix: EN100 Ethernet module DNP3 IP variant, EN100 Ethernet module IEC 104 variant, EN100 Ethernet module Modbus TCP variant, EN100 Ethernet module PROFINET IO variant. Apply the following compensating controls:
- HARDENING: Implement network segmentation and defense-in-depth architecture to isolate EN100 modules from untrusted networks
- HARDENING: Apply secure substation design practices and consult Siemens customer care for variant-specific mitigation strategies
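
One way to verify the workarounds and pick the remediation path per module, as an added example that is not part of the advisory or any Siemens tooling. The inventory format, the function names, the "V4.35"-style firmware strings and the 192.0.2.x addresses are assumptions made for illustration; run it from the network segment that should not be able to reach the modules.

```python
import socket

WEB_PORTS = (80, 443)      # web service ports named in the advisory
FIXED_IEC61850 = (4, 40)   # first fixed IEC 61850 firmware per the advisory

def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def parse_version(text):
    """'V4.35' or '4.40' -> (4, 35) / (4, 40); fields compare numerically.
    Assumes a dotted numeric firmware string with an optional leading V."""
    return tuple(int(p) for p in text.strip().lstrip("Vv").split("."))

def audit(modules, probe=tcp_open):
    """Report reachable web ports per module and the advisory's action for it."""
    findings = []
    for m in modules:
        exposed = [p for p in WEB_PORTS if probe(m["host"], p)]
        if m["variant"] == "IEC 61850":
            patched = parse_version(m["firmware"]) >= FIXED_IEC61850
            action = "none (fixed firmware)" if patched else "update to V4.40 or later"
        else:
            # DNP3 IP, IEC 104, Modbus TCP, PROFINET IO: all versions affected.
            patched = False
            action = "no fix (EOL): keep web service disabled and 80/443 blocked"
        findings.append({"host": m["host"], "exposed": exposed,
                         "patched": patched,
                         "at_risk": bool(exposed) and not patched,
                         "action": action})
    return findings

# Constructed inventory (documentation-range addresses, not real devices).
INVENTORY = [
    {"host": "192.0.2.10", "variant": "IEC 61850", "firmware": "V4.35"},
    {"host": "192.0.2.11", "variant": "IEC 61850", "firmware": "V4.40"},
    {"host": "192.0.2.12", "variant": "DNP3 IP", "firmware": "V1.22"},
]

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(finding)
```

Any module reported with at_risk set is still reachable on 80/TCP or 443/TCP while running affected firmware, meaning the firewall rule or the web service setting needs another look.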
CVEs (1)